Security Bulletin 14 Sep 2022

Published on 14 Sep 2022

Updated on 14 Sep 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabulated by severity, in accordance with their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2022-20695 A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface. This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and log in to the device as an administrator. The attacker could obtain privileges that are the same level as an administrative user but it depends on the crafted credentials. Note: This vulnerability exists because of a non-default device configuration that must be present for it to be exploitable. For details about the vulnerable configuration, see the Vulnerable Products section of this advisory. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-20695
CVE-2022-36067 vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-36067
CVE-2019-5114 An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2019-5114
CVE-2022-36130 HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-36130
CVE-2018-1312 In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-1312
CVE-2019-18960 Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18960
CVE-2020-8444 In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8444
CVE-2020-8445 In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitted in messages processed by ossec-analysisd, it may be possible to inject nested events into the ossec log. Use of terminal control characters may allow obfuscating events or executing commands when viewed through vulnerable terminal emulators. This may be an unauthenticated remote attack for certain types and origins of logged data. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8445
CVE-2020-8447 In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8447
CVE-2018-1285 Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-1285
CVE-2021-22910 A sanitization vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22910
CVE-2021-3711 In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt. Typically an application will call this function twice. The first time, on entry, the out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt again, but this time passing a non-NULL value for the out parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt is called by the application a second time with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3711
CVE-2021-34746 A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34746
CVE-2021-3757 immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3757
CVE-2021-33543 Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33543
CVE-2021-39227 ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: Check if there is `__proto__` in the object keys. Omit it before using it as a parameter in these affected methods. Or in `echarts.util.merge` and `setOption` if project is using ECharts. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39227
CVE-2021-41116 Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their Composer version. Other OSs and WSL are not affected. The issue has been resolved in Composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41116
CVE-2021-38297 Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38297
CVE-2021-41080 Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41080
CVE-2021-41081 Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41081
CVE-2021-45707 An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45707
CVE-2021-41816 CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41816
CVE-2022-0547 OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0547
CVE-2022-1040 An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1040
CVE-2022-26612 In Apache Hadoop, the unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26612
CVE-2022-22954 VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22954
CVE-2022-27007 nginx njs 0.7.2 suffers from a use-after-free in njs_function_frame_alloc when it tries to invoke from a restored frame saved with njs_function_frame_save. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27007
CVE-2022-29464 Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29464
CVE-2022-27927 A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27927
CVE-2021-43481 An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43481
CVE-2021-44596 Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the InstallAssistService.exe service (the service is running under SYSTEM privileges) and manipulate it to execute a malicious executable without any validation from a remote location and gain SYSTEM privileges. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44596
CVE-2022-29502 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29502
CVE-2022-30308 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30308
CVE-2022-30309 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30309
CVE-2022-30310 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30310
CVE-2022-30311 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30311
CVE-2017-20049 A vulnerability was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-20049
CVE-2021-40663 deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40663
CVE-2022-37434 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37434
CVE-2022-32993 TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32993
CVE-2022-37149 WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37149
CVE-2022-31232 SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31232
CVE-2022-36749 RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component htdocsutilsFiles.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36749
CVE-2022-37021 Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. If upgrading to Java 11 is not possible, then upgrade to Apache Geode 1.15 and specify "--J=-Dgeode.enableGlobalSerialFilter=true" when starting any Locators or Servers. Follow the documentation for details on specifying any user classes that may be serialized/deserialized with the "serializable-object-filter" configuration option. Using a global serial filter will impact performance. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37021
CVE-2022-21941 All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21941
CVE-2022-30318 Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30318
CVE-2022-37128 In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37128
CVE-2022-37125 D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37125
CVE-2022-36672 Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36672
CVE-2020-35527 In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35527
CVE-2022-34379 Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34379
CVE-2022-36601 The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36601
CVE-2022-36759 Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component dishes.php?res_id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36759
CVE-2022-25371 Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25371
CVE-2022-29063 The Solr plugin of Apache OFBiz is configured by default to automatically make an RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29063
CVE-2022-38054 In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38054
CVE-2022-22096 Memory corruption in Bluetooth HOST due to stack-based buffer overflow when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22096
CVE-2022-25657 Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25657
CVE-2022-25658 Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice Music, Snapdragon Wearables 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25658
CVE-2022-25659 Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice Music, Snapdragon Wearables 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25659
CVE-2022-25668 Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice Music, Snapdragon Wearables 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25668
CVE-2020-22669 Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22669
CVE-2021-27693 Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27693
CVE-2022-34371 Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34371
CVE-2022-36642 A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36642
CVE-2022-3118 A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3118
CVE-2022-3120 A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3120
CVE-2022-2830 Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2830
CVE-2022-3122 A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3122
CVE-2022-31814 pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31814
CVE-2022-34747 A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21AAZF.12C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34747
CVE-2022-2714 Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2714
CVE-2022-36584 In Tenda G3 US_G3V3.0br_V15.11.0.67663_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36584
CVE-2022-37839 TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37839
CVE-2022-37840 In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37840
CVE-2022-37842 In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37842
CVE-2022-37843 In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37843
CVE-2022-40109 TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40109
CVE-2022-40111 In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40111
CVE-2022-26447 In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784478; Issue ID: ALPS06784478. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26447
CVE-2022-31860 An issue discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31860
CVE-2022-36425 Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36425
CVE-2020-21516 There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21516
CVE-2022-31789 An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31789
CVE-2022-36061 Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon contract B's state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contract programmers. This issue was patched in version 1.3.35. There are no known workarounds. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36061
CVE-2022-36663 Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36663
CVE-2022-1368 The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an unauthenticated session. This could allow an attacker to escalate privileges to match those of the compromised account. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1368
CVE-2022-36387 Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36387
CVE-2022-36427 Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36427
CVE-2022-37344 Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37344
CVE-2022-36587 In Tenda G3 US_G3V3.0br_V15.11.0.67663_EN_TDE, there is a buffer overflow vulnerability caused by sprintf in function in the httpd binary. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36587
CVE-2022-36660 xhyve commit dfbe09b was discovered to contain a stack buffer overflow via the component pci_vtrnd_notify. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36660
CVE-2022-38309 Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38309
CVE-2022-38310 Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38310
CVE-2022-38311 Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38311
CVE-2022-38312 Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38312
CVE-2022-38313 Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/saveParentControlInfo. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38313
CVE-2022-38314 Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentControlInfo. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38314
CVE-2022-3129 A vulnerability was found in codeprojects Online Driving School. It has been rated as critical. Affected by this issue is some unknown functionality of the file registration.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207872. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3129
CVE-2022-3130 A vulnerability classified as critical has been found in codeprojects Online Driving School. This affects an unknown part of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207873 was assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3130
CVE-2022-38250 Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38250
CVE-2022-36086 linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than `3 * size_of::<usize>()` because of metadata write operations. This vulnerability impacts all the initialization functions on the `Heap` and `LockedHeap` types, including `Heap::new`, `Heap::init`, `Heap::init_from_slice`, and `LockedHeap::new`. It also affects multiple uses of the `Heap::extend` method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than `3 * size_of::<usize>()` and that the `Heap::extend` method is only called with sizes larger than `2 * size_of::<usize>()`. Also, ensure that the total heap size is and stays a multiple of `2 * size_of::<usize>()`. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36086
CVE-2022-36585 In Tenda G3 US_G3V3.0br_V15.11.0.67663_EN_TDE, in httpd binary, the addDhcpRule function has a buffer overflow caused by sscanf. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36585
CVE-2021-34236 Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to bd_genie_create_account.cgi with a sufficiently long parameter register_country. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34236
CVE-2022-36586 In Tenda G3 US_G3V3.0br_V15.11.0.67663_EN_TDE, there is a buffer overflow vulnerability caused by strcpy in function 0x869f4 in the httpd binary. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36586
CVE-2022-36588 In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36588
CVE-2022-25914 The package com.google.cloud.tools:jib-core before 0.22.0 is vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25914
CVE-2022-38394 Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38394
CVE-2022-20923 A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to the VPN from an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and access the IPSec VPN network. The attacker may obtain privileges that are the same level as an administrative user, depending on the crafted credentials that are used. Cisco has not released software updates that address this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20923
CVE-2022-36085 Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a deprecated `WithUnsafeBuiltins` function, which allows users to provide a set of built-in functions that should be deemed unsafe, and as such rejected, by the compiler if encountered in the policy compilation stage. A bypass of this protection has been found, where the use of the `with` keyword to mock such a built-in function (a feature introduced in OPA v0.40.0) isn’t taken into account by `WithUnsafeBuiltins`. Multiple conditions need to be met in order to create an adverse effect. Version 0.43.1 contains a patch for this issue. As a workaround, avoid using the `WithUnsafeBuiltins` function and use the `capabilities` feature instead. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36085
CVE-2022-37163 Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37163
CVE-2022-25765 The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25765
CVE-2022-40305 A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40305
CVE-2022-34718 Windows TCP/IP Remote Code Execution Vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34718
CVE-2022-34721 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34722. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34721
CVE-2022-34722 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34721. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34722
CVE-2022-31149 ActivityWatch open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a patch. As a workaround, block DNS lookups that resolve to 127.0.0.1. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2022-31149
CVE-2020-15472 In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-15472
CVE-2021-33643 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33643
CVE-2022-30317 Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke a subset of desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocol's functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30317
CVE-2022-34372 Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34372
CVE-2022-22062 An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22062
CVE-2022-1525 The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1525
CVE-2022-27593 An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later; QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later; QTS 4.3.6: Photo Station 5.7.18 and later; QTS 4.3.3: Photo Station 5.4.15 and later; QTS 4.2.6: Photo Station 5.2.14 and later. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27593
CVE-2022-36793 Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36793
CVE-2022-36096 The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index with an attachment containing JavaScript in its name. This issue has been patched in XWiki 13.10.6 and 14.3. As a workaround, fix the vulnerability by editing the wiki page `XWiki.DeletedAttachments` with the object editor: open the `JavaScriptExtension` object and apply to its content the changes that can be found in the fix commit. 9 https://nvd.nist.gov/vuln/detail/CVE-2022-36096
CVE-2022-36098 XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store JavaScript or Groovy scripts in a mention, macro anchor, or reference field. The stored code is executed by anyone visiting the page with the mention. This issue has been patched on XWiki 14.4 and 13.10.6. As a workaround, one may update `XWiki.Mentions.MentionsMacro` and edit the `Macro code` field of the `XWiki.WikiMacroClass` XObject. 9 https://nvd.nist.gov/vuln/detail/CVE-2022-36098

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2022-39824 Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak. 8.9 https://nvd.nist.gov/vuln/detail/CVE-2022-39824
CVE-2020-6609 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6609
CVE-2020-8442 In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8442
CVE-2020-10478 CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10478
CVE-2020-13512 A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0d8 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13512
CVE-2020-13513 A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13513
CVE-2020-13514 A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0e0 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13514
CVE-2020-13515 A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13515
CVE-2020-13519 A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13519
CVE-2021-28660 rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28660
CVE-2020-22017 A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22017
CVE-2021-30560 Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30560
CVE-2021-37219 HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37219
CVE-2021-21897 A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21897
CVE-2020-19159 Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component index.php?module=member&action=add. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-19159
CVE-2020-21598 libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21598
CVE-2021-41275 spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `spree_auth_devise` are affected if the `protect_from_forgery` method is both: (1) executed either as a `before_action` callback (the default) or as a `prepend_before_action` (option `prepend: true` given) before the `:load_object` hook in `Spree::UserController` (most likely order to find); and (2) configured to use the `:null_session` or `:reset_session` strategies (`:null_session` is the default in case no strategy is given, but the `rails --new` generated skeleton uses `:exception`). That means that applications that haven't been configured differently from what is generated with Rails aren't affected. Thanks @waiting-for-dev for reporting and providing a patch. Patches: Spree 4.3 users should update to spree_auth_devise 4.4.1; Spree 4.2 users should update to spree_auth_devise 4.2.1. Workarounds: if possible, change your strategy to `:exception`: `class ApplicationController < ActionController::Base; protect_from_forgery with: :exception; end`. Alternatively, add the following to `config/application.rb` to at least run the `:exception` strategy on the affected controller: `config.after_initialize do Spree::UsersController.protect_from_forgery with: :exception end`. Please see the linked GHSA for more workaround details. References: https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41275
CVE-2021-44648 GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equal to 12. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44648
CVE-2022-22727 A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user's local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22727
CVE-2022-21703 Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21703
CVE-2022-22590 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22590
CVE-2022-22620 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22620
CVE-2022-1049 A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1049
CVE-2022-24812 Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructed, the consequent requests with any API Key evaluate to the same permissions as the previous requests. This can lead to an escalation of privileges, when for example a first request is made with Admin permissions, and the second request with different API Key is made with Viewer permissions, the second request will get the cached permissions from the previous Admin, essentially accessing higher privilege than it should. The vulnerability is only impacting Grafana Enterprise when the fine-grained access control beta feature is enabled and there are more than one API Keys in one organization with different roles assigned. All installations after Grafana Enterprise v8.1.0-beta1 should be upgraded as soon as possible. As an alternative, disable fine-grained access control will mitigate the vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24812
CVE-2022-24828 Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24828
CVE-2021-34592 Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34592
CVE-2021-44595 Wondershare Dr. Fone Latest version (as of 2021-12-06) is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44595
CVE-2022-29500 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29500
CVE-2022-29501 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29501
CVE-2022-30129 Visual Studio Code Remote Code Execution Vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30129
CVE-2022-33891 The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33891
CVE-2022-31144 Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31144
CVE-2022-32893 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32893
CVE-2022-1271 An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1271
CVE-2022-1552 A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1552
CVE-2022-37184 The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37184
CVE-2022-36052 Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36052
CVE-2022-36053 Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36053
CVE-2022-36054 Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36054
CVE-2022-37435 Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrators' passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37435
CVE-2022-1902 A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1902
CVE-2022-2447 A flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender's efforts to remove access. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2447
CVE-2022-36602 InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36602
CVE-2022-36603 InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36603
CVE-2022-39170 libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39170
CVE-2022-39176 BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39176
CVE-2022-39177 BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39177
CVE-2022-39051 An attacker might be able to execute malicious Perl code in the Template toolkit by having the admin install an unverified third-party package. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39051
CVE-2022-3008 The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3008
CVE-2022-38369 Apache IoTDB version 0.13.0 is vulnerable to a session ID attack. Users should upgrade to version 0.13.1, which addresses this issue. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38369
CVE-2022-3121 A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file adminaddemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3121
CVE-2022-34883 OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34883
CVE-2022-31020 Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31020
CVE-2022-23679 AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23679
CVE-2022-23680 AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23680
CVE-2022-23684 A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches versions: AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23684
CVE-2022-2233 The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback function found in the ~/admin/admin.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site’s administrator into performing an action such as clicking on a link. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2233
CVE-2022-2431 The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles function found in the ~/Admin/Menu/Packages.php file that triggers upon download post deletion. This makes it possible for contributor level users and above to supply an arbitrary file path via the file[files] parameter when creating a download post and once the user deletes the post the supplied arbitrary file will be deleted. This can be used by attackers to delete the wp-config.php file which will reset the installation and make it possible for an attacker to achieve remote code execution on the server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2431
CVE-2022-2433 The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the alm_repeaters_export parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2433
CVE-2022-2434 The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the string-locator-path parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2434
CVE-2022-2436 The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the file[package_dir] parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2436
CVE-2022-2540 The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2540
CVE-2022-2541 The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2541
CVE-2022-2542 The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2542
CVE-2022-35847 An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35847
CVE-2022-3026 The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the Export Users functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3026
CVE-2022-36757 Xiaomi Mi Browser v13.10.0-gn contains a vulnerability which allows attackers to execute arbitrary code via user interaction with a crafted URL. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36757
CVE-2022-31247 An Improper Authorization vulnerability in SUSE Rancher allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31247
CVE-2022-31166 XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor leads to adding a supplementary empty value to groups which is then resolved as a reference to XWiki.WebHome page. Adding an XWikiGroup xobject to that page then transforms it to a group, any user put in that group would then obtain the privileges related to the edited right. Note that this security issue is normally mitigated by the fact that XWiki.WebHome and XWiki space in general should be protected by default for edit rights. The problem has been patched in XWiki 13.10.4 and 14.2RC1 so that empty values in XWikiRights are no longer considered. It's possible to work around the problem by setting appropriate rights on the XWiki.WebHome page to prevent users from editing it. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31166
CVE-2022-37730 In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which allows an attacker to forge a link and trick the victim into clicking a malicious link or visiting a page containing attack code, sending a request to the server with the victim's identity authentication information without the victim's knowledge. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37730
CVE-2022-3152 Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3152
CVE-2022-30078 NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30078
CVE-2022-36073 RubyGems.org is the Ruby community gem host. A bug in password email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that account, and when a legitimate user attempts to create an account with their email and has to reset password to gain access and is granted access to other gems, the attacker would then be able to publish and yank versions of those gems. Commit number 90c9e6aac2d91518b479c51d48275c57de492d4d contains a patch for this issue. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36073
CVE-2022-38531 FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in the ping function. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38531
CVE-2022-37144 The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37144
CVE-2022-34869 Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34869
CVE-2022-35273 OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35273
CVE-2022-38094 OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38094
CVE-2022-30079 Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30079
CVE-2022-20696 A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20696
CVE-2022-36084 cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. If cruddl starting with version 1.1.0 and prior to versions 2.7.0 and 3.0.2 is used to generate a schema that uses `@flexSearchFulltext`, users of that schema may be able to inject arbitrary AQL queries that will be forwarded to and executed by ArangoDB. Schemas that do not use `@flexSearchFulltext` are not affected. The attacker needs to have `READ` permission to at least one root entity type that has `@flexSearchFulltext` enabled. The issue has been fixed in version 3.0.2 and in version 2.7.0 of cruddl. As a workaround, users can temporarily remove `@flexSearchFulltext` from their schemas. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36084
CVE-2022-35277 Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin <= 5.5.20 at WordPress. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35277
CVE-2022-37405 Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37405
CVE-2022-38070 Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38070
CVE-2022-38093 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in One SEO plugin <= 4.2.3.1 at WordPress. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38093
CVE-2022-38144 Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38144
CVE-2022-34700 Microsoft Dynamics CRM on-premises Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35805. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34700
CVE-2022-34726 Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34727, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34726
CVE-2022-34727 Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34727
CVE-2022-34730 Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34732, CVE-2022-34734. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34730
CVE-2022-34731 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34731
CVE-2022-34732 Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34734. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34732
CVE-2022-34733 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34733
CVE-2022-34734 Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34732. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34734
CVE-2022-35805 Microsoft Dynamics CRM on-premises Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34700. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35805
CVE-2022-35834 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35834
CVE-2022-35835 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35836, CVE-2022-35840. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35835
CVE-2022-35836 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35840. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35836
CVE-2022-35840 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35840
CVE-2022-35841 Windows Enterprise App Management Service Remote Code Execution Vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35841
CVE-2022-37961 Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38008, CVE-2022-38009. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37961
CVE-2022-38008 Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37961, CVE-2022-38009. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38008
CVE-2022-38009 Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37961, CVE-2022-38008. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38009
CVE-2021-43775 Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-43775
CVE-2021-25220 BIND 9.11.0 - 9.11.36, 9.12.0 - 9.16.26, 9.17.0 - 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1, 9.16.8-S1 - 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-25220
CVE-2022-39838 Systematic FIX Adapter ALFAFX 2.4.0.25 13092017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2022-39838
CVE-2022-1117 A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution. 8.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1117
CVE-2021-35134 Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 8.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35134
CVE-2022-34383 Dell Edge Gateway 5200 EGW versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-34383
CVE-2022-34380 Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is a critical severity vulnerability as it allows an attacker to take control of the system. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-34380
CVE-2022-2633 The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the dl parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-2633
CVE-2022-30196 Windows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-35833. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30196
CVE-2016-5387 The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2016-5387
CVE-2019-17498 In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2019-17498
CVE-2020-6612 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-6612
CVE-2020-6613 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-6613
CVE-2020-6614 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-6614
CVE-2020-35490 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-35490
CVE-2020-35491 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-35491
CVE-2020-36189 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-36189
CVE-2022-28376 Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone knowing the device's serial number to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password for the verizon username is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28376
CVE-2022-28213 When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28213
CVE-2021-33644 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33644
CVE-2022-36773 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36773
CVE-2022-2738 The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2738
CVE-2022-36071 SFTPGo is a configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user's password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36071
CVE-2022-31176 Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels and dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource if the user has admin permissions in Grafana. All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer). 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31176
CVE-2022-23451 An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23451
CVE-2022-36090 XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service. This means a disabled user can enable themselves using a REST call. In the same way, some resource handlers created by extensions are not protected by default, so an inactive user could perform actions for such extensions. This issue has existed since at least version 1.1 of XWiki for instances configured with the email activation required for new users. Now it's more critical for versions 11.3-rc-1 and later since the maintainers provided the capability to disable users without deleting them and encouraged using that feature. XWiki 14.3-rc-1 and XWiki 13.10.5 contain a patch. There is no workaround for this other than upgrading XWiki. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36090
CVE-2022-33647 Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33679. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-33647
CVE-2022-33679 Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33647. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-33679
CVE-2022-35823 Microsoft SharePoint Remote Code Execution Vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35823
CVE-2022-35830 Remote Procedure Call Runtime Remote Code Execution Vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35830
CVE-2022-21225 Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-21225
CVE-2022-31233 Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-31233
CVE-2022-2429 The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the Export Utility functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing information like their First Name that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-2429
CVE-2022-38059 Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's Access Code Feeder plugin <= 1.0.3 at WordPress. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-38059
CVE-2018-11237 An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2018-11237
CVE-2020-12762 json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-12762
CVE-2021-29672 IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29672
CVE-2021-27038 A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27038
CVE-2020-6917 Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6917
CVE-2020-6918 Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6918
CVE-2020-6919 Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6919
CVE-2020-6921 Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6921
CVE-2020-6922 Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6922
CVE-2022-25486 CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25486
CVE-2022-27940 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27940
CVE-2022-27941 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27941
CVE-2022-27942 tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27942
CVE-2022-22516 The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22516
CVE-2022-27837 A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows an attacker to access the file with system privilege. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27837
CVE-2022-1381 Global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1381
CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1616
CVE-2022-1629 Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, Modify Memory, and possible remote execution 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1629
CVE-2022-32250 net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32250
CVE-2022-34465 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.264, Parasolid V34.0 All versions V34.0.250, Parasolid V34.1 All versions V34.1.233, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-15420 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34465
CVE-2021-46829 GNOME GdkPixbuf aka GDK-PixBuf before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46829
CVE-2022-34705 Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35771. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34705
CVE-2022-34707 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35761, CVE-2022-35768. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34707
CVE-2022-35768 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34707, CVE-2022-35761. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35768
CVE-2022-35771 Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34705. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35771
CVE-2022-34711 Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34705, CVE-2022-35771. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34711
CVE-2022-29549 An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate programs). Also, the vendor recommendation is to install this agent software with root privileges. Thus, privilege escalation is possible on systems where any of these pathnames is controlled by a non-root user. An example is /opt/firebird/bin/isql, where the /opt/firebird directory is often owned by the firebird user. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29549
CVE-2022-37047 The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37047
CVE-2022-37048 The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37048
CVE-2022-37049 The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37049
CVE-2022-31676 VMware Tools 12.0.0, 11.x.y and 10.x.y contain a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31676
CVE-2022-32894 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32894
CVE-2022-38784 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38784
CVE-2022-36035 Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration like Git repositories, and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the improper handling of user-supplied input, which results in a path traversal that can be controlled by the attacker. Users sharing the same shell between other applications and the Flux CLI commands could be affected by this vulnerability. In some scenarios no errors may be presented, which may cause end users not to realize that something is amiss. A safe workaround is to execute Flux CLI in ephemeral and isolated shell environments, which can ensure no persistent values exist from previous processes. However, upgrading to the latest version of the CLI is still the recommended mitigation strategy. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36035
CVE-2022-1888 Alpha7 PC Loader All versions is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1888
CVE-2022-1976 A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1976
CVE-2022-34373 Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains an arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34373
CVE-2022-2319 A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2319
CVE-2022-2320 A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2320
CVE-2022-2639 An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2639
CVE-2021-25657 A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25657
CVE-2022-39189 An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39189
CVE-2021-35122 Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35122
CVE-2021-35132 Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35132
CVE-2022-22059 Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22059
CVE-2022-22061 Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22061
CVE-2022-22067 Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22067
CVE-2022-22069 Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22069
CVE-2022-22070 Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22070
CVE-2022-22080 Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22080
CVE-2022-22097 Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22097
CVE-2022-22098 Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22098
CVE-2022-22099 Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22099
CVE-2022-22100 Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22100
CVE-2022-22102 Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22102
CVE-2022-22104 Memory corruption in multimedia due to improper check on the messages received in Snapdragon Auto 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22104
CVE-2022-22106 Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22106
CVE-2022-25680 Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25680
CVE-2022-34382 Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contain a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34382
CVE-2022-3099 Use After Free in GitHub repository vim/vim prior to 9.0.0360. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3099
CVE-2022-39831 An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39831
CVE-2022-39832 An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39832
CVE-2022-39842 An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user, a heap overflow may occur. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39842
CVE-2022-39843 123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from process_fmt that can be reached via a w3r_format element in a wk3 document. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39843
CVE-2022-23681 Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX versions: AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23681
CVE-2022-23682 Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX versions: AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.06.xxxx: 10.06.0180 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23682
CVE-2022-25308 A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25308
CVE-2022-26469 In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26469
CVE-2022-29058 An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29058
CVE-2022-2735 A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the hacluster token, this flaw allows an attacker to have complete control over the cluster managed by PCS. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2735
CVE-2022-30298 An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30298
CVE-2022-31791 WatchGuard Firebox and XTM appliances allow a local attacker that has already obtained shell access to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31791
CVE-2022-36038 CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Execution (RCE). A patch is available in commit number 7b3023a99499a7675f10f2c1d9effdf10c35fb6e. There are currently no known workarounds. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36038
CVE-2022-36039 Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. A patch is available on the `dev` branch of the repository. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36039
CVE-2022-36042 Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 contains a patch. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36042
CVE-2022-36040 Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC (python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36040
CVE-2022-36041 Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36041
CVE-2022-36043 Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36043
CVE-2022-36044 Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36044
CVE-2022-3134 Use After Free in GitHub repository vim/vim prior to 9.0.0389. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3134
CVE-2022-26858 Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26858
CVE-2022-26860 Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26860
CVE-2022-38176 An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38176
CVE-2022-38529 tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflow via the component rleUncompress. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38529
CVE-2022-38530 GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38530
CVE-2022-21950 An Improper Access Control vulnerability in the systemd service of canna in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket. This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21950
CVE-2022-36271 Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to DLL hijacking. iertutil.dll is missing, so an attacker can use a malicious DLL with the same name and get admin privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36271
CVE-2022-40299 In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40299
CVE-2022-36841 A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36841
CVE-2022-36842 A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36842
CVE-2022-36843 A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36843
CVE-2022-36844 A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36844
CVE-2022-36845 A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36845
CVE-2022-36846 A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36846
CVE-2022-36847 Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36847
CVE-2022-36849 Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36849
CVE-2022-36855 A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows an attacker to cause a memory access fault. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36855
CVE-2022-36858 A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows an attacker to cause a memory access fault. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36858
CVE-2022-36860 A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows an attacker to cause a memory access fault. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36860
CVE-2022-36862 A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows an attacker to cause a memory access fault. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36862
CVE-2022-36863 A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows an attacker to cause a memory access fault. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36863
CVE-2022-39137 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. An attacker could leverage this vulnerability to leak information in the context of the current process. ZDI-CAN-17276 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39137
CVE-2022-39138 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17284 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39138
CVE-2022-39139 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17289 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39139
CVE-2022-39140 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17292 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39140
CVE-2022-39141 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. An attacker could leverage this vulnerability to leak information in the context of the current process. ZDI-CAN-17296 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39141
CVE-2022-39142 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17485 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39142
CVE-2022-39143 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17493 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39143
CVE-2022-39144 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17494 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39144
CVE-2022-39145 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17496 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39145
CVE-2022-39146 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. ZDI-CAN-17502 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39146
CVE-2022-39147 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. ZDI-CAN-17506 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39147
CVE-2022-39148 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17513 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39148
CVE-2022-39149 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17733 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39149
CVE-2022-39150 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17735 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39150
CVE-2022-39151 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17736 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39151
CVE-2022-39152 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-17740 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39152
CVE-2022-39153 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-18187 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39153
CVE-2022-39154 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-18188 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39154
CVE-2022-39155 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-18192 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39155
CVE-2022-39156 A vulnerability has been identified in Parasolid V33.1 All versions V33.1.262, Parasolid V33.1 All versions = V33.1.262 V33.1.263, Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.161, Parasolid V35.0 All versions = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. ZDI-CAN-18196 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39156
CVE-2022-26929 .NET Framework Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26929
CVE-2022-30200 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30200
CVE-2022-34719 Windows Distributed File System (DFS) Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34719
CVE-2022-34729 Windows GDI Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34729
CVE-2022-35803 Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37969. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35803
CVE-2022-35828 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35828
CVE-2022-37954 DirectX Graphics Kernel Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37954
CVE-2022-37955 Windows Group Policy Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37955
CVE-2022-37956 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37957, CVE-2022-37964. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37956
CVE-2022-37957 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37964. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37957
CVE-2022-37962 Microsoft PowerPoint Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37962
CVE-2022-37963 Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38010. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37963
CVE-2022-37964 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37957. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37964
CVE-2022-37969 Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37969
CVE-2022-38004 Windows Fax Service Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38004
CVE-2022-38005 Windows Print Spooler Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38005
CVE-2022-38007 Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38007
CVE-2022-38010 Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37963. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38010
CVE-2022-38019 AV1 Video Extension Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38019
CVE-2022-38012 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. 7.7 https://nvd.nist.gov/vuln/detail/CVE-2022-38012
CVE-2016-8743 Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-8743
CVE-2019-5815 Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5815
CVE-2020-15476 In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15476
CVE-2020-7793 The package ua-parser-js before 0.7.23 is vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7793
CVE-2021-2388 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-2388
CVE-2021-3749 axios is vulnerable to Inefficient Regular Expression Complexity 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3749
CVE-2021-41772 Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41772
CVE-2021-43786 Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43786
CVE-2021-4104 JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4104
CVE-2021-41817 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41817
CVE-2021-41819 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41819
CVE-2022-22540 SAP NetWeaver AS ABAP Workplace Server - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22540
CVE-2022-21716 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 devzero`. A patch is available in version 22.2.0. There are currently no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21716
CVE-2021-46378 DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46378
CVE-2022-0725 A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0725
CVE-2018-25032 zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-25032
CVE-2022-24790 Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turn on any and all functionality to make sure that the request matches the RFC7230 standard. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24790
CVE-2022-27376 MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27376
CVE-2022-27381 An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27381
CVE-2022-27008 nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat when a slow array appended element is fast array. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27008
CVE-2022-25647 The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lead to DoS attacks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25647
CVE-2022-28487 Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums function. The highest threat from this vulnerability is to data confidentiality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28487
CVE-2022-30522 If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30522
CVE-2022-31129 moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to ReDoS attacks. The problem is patched in 2.29.4; the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31129
CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2048
CVE-2022-2191 In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2191
CVE-2022-36946 nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36946
CVE-2022-37451 Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37451
CVE-2022-36324 Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36324
CVE-2021-33645 The th_read function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33645
CVE-2021-33646 The th_read function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33646
CVE-2022-32793 Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32793
CVE-2022-22728 A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22728
CVE-2022-37237 An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37237
CVE-2022-1319 A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1319
CVE-2022-37122 Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the file GET parameter through the logdownload.cgi Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37122
CVE-2022-38152 An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello that resumes the previous session crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38152
CVE-2022-36620 D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/addRouting. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36620
CVE-2022-36671 Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36671
CVE-2020-35525 In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSECT query processing. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35525
CVE-2021-45027 An arbitrary file download vulnerability in Oliver v5 Library Server Versions 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45027
CVE-2022-30614 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30614
CVE-2021-3826 Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3826
CVE-2022-2739 The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2739
CVE-2022-32743 Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32743
CVE-2022-36604 An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36604
CVE-2022-36621 Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36621
CVE-2022-36622 Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36622
CVE-2022-25813 In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message “Subject” field from the Contact us page. Then a party manager needs to list the communications in the party component to activate the SSTI. An RCE is then possible. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25813
CVE-2022-29158 Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29158
CVE-2022-36076 NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added and later checked a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36076
CVE-2022-36078 Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with arbitrary excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked or wrong type of data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(val)` function to parse the data, but to use a custom `UnmarshalWithDecoder` method that reads and checks the length of any slice. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36078
CVE-2022-34369 Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34369
CVE-2022-3065 Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3065
CVE-2022-31152 Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31152
CVE-2020-29260 libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-29260
CVE-2022-39828 sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39828
CVE-2022-39829 There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39829
CVE-2022-39830 sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39830
CVE-2022-38370 Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should upgrade to version 0.13.1 which addresses this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38370
CVE-2022-2083 The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2083
CVE-2022-37841 In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37841
CVE-2022-40110 TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40110
CVE-2022-40112 TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via the hostname parameter in binary /bin/boa. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40112
CVE-2021-43565 The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43565
CVE-2022-27491 An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of blocked page HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27491
CVE-2022-27664 In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27664
CVE-2022-28884 A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28884
CVE-2022-28885 A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28885
CVE-2022-31790 WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31790
CVE-2022-36058 Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks (historical or actual) could encounter a `MultiESDTNFTTransfer` transaction like this: `MultiESDTNFTTransfer` with a missing function name. Basic functionality like p2p messaging, storage, API requests and such are unaffected. Version 1.3.34 contains a fix for this issue. There are no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36058
CVE-2022-37185 SQL injection vulnerability exists in the school information query interface repschoolproj.php of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37185
CVE-2022-36064 Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells `Bash` and `Dash`, or any not-officially-supported Unix shell; and/or using the `escape` or `escapeAll` functions with the `interpolation` option set to `true`. An attacker can cause polynomial backtracking or quadratic runtime in terms of the input string length due to two Regular Expressions in Shescape that are vulnerable to Regular Expression Denial of Service (ReDoS). This bug has been patched in v1.5.10. For `Dash` only, this bug has been patched since v1.5.9. As a workaround, a maximum length can be enforced on input strings to Shescape to reduce the impact of the vulnerability. It is not recommended to try and detect vulnerable input strings, as the logic for this may end up being vulnerable to ReDoS itself. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36064
CVE-2022-36065 GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the right location, they can execute arbitrary code within the container. To be affected, ALL of the following must be true: Self-hosted deployment (GrowthBook Cloud is unaffected); using local file uploads (as opposed to S3 or Google Cloud Storage); NODE_ENV set to a non-production value and JWT_SECRET set to an easily guessable string like `dev`. This issue is patched in commit 1a5edff8786d141161bf880c2fd9ccbe2850a264 (2022-08-29). As a workaround, set `JWT_SECRET` environment variable to a long random string. This will stop arbitrary file uploads, but the only way to stop attackers from registering accounts is by updating to the latest build. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36065
CVE-2022-37189 DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe xml.etree library to parse untrusted XML input. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37189
CVE-2022-40023 Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40023
CVE-2022-35513 The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35513
CVE-2022-31414 D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a buffer overflow via srtcat in prog.cgi. This vulnerability allowed attackers to cause a Denial of Service (DoS) via a crafted HTTP request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31414
CVE-2022-36539 WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36539
CVE-2022-36049 Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36049
CVE-2022-36079 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are removed by Parse Server and are only returned to the client using a valid master key. However, using query constraints, these fields can be guessed by enumerating until Parse Server, prior to versions 4.10.14 or 5.2.5, returns a response object. The patch available in versions 4.10.14 and 5.2.5 requires the master key to use internal and protected fields as query constraints. As a workaround, implement a Parse Cloud Trigger `beforeFind` and manually remove the query constraints. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36079
CVE-2022-36081 Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing `/list/<path:folderpath>` and discloses lists of files located on the server including sensitive data. Version 1.7.1 fixes this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36081
CVE-2022-37145 The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an attempt to obtain valid credentials for the platform users configured to use the PlexTrac authentication provider. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37145
CVE-2022-25897 The package org.eclipse.milo:sdk-server before 0.6.8 is vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25897
CVE-2022-28220 Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. The fix for CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28220
CVE-2022-36091 XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects. Sensitive configuration fields like passwords for LDAP or SMTP servers could be accessed. By exploiting an additional vulnerability, this issue can even be exploited on private wikis, at least for string properties. The issue is patched in version 13.10.4 and 14.2. Password properties are no longer displayed and rights are checked for other properties. A workaround is available. The template file `suggest.vm` can be replaced by a patched version without upgrading or restarting XWiki unless it has been overridden, in which case the overridden template should be patched, too. This might need adjustments for older versions, though. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36091
CVE-2022-40280 An issue was discovered in Samsung TizenRT through 3.0_GBM and 3.1_PRE. createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_close after sqlite3_open_v2, leading to a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40280
CVE-2022-40281 An issue was discovered in Samsung TizenRT through 3.0_GBM and 3.1_PRE. cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40281
CVE-2022-36853 Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36853
CVE-2022-34720 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34720
CVE-2022-34724 Windows DNS Server Denial of Service Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34724
CVE-2022-35833 Windows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-30196. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35833
CVE-2022-35838 HTTP V3 Denial of Service Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35838
CVE-2022-37958 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37958
CVE-2022-38013 .NET Core and Visual Studio Denial of Service Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38013
CVE-2021-25217 In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 (other branches of ISC DHCP, i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series, are beyond their End-of-Life (EOL) and no longer supported by ISC; from inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), the outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd); whether the package was built as a 32-bit or 64-bit binary; whether the compiler flag -fstack-protection-strong was used when compiling. In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. If the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25217
CVE-2021-3712 ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own d2i functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the data and length fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0 function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the data field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email, X509_REQ_get1_email and X509_get1_ocsp functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash causing a Denial of Service attack. It could also result in the disclosure of private memory contents such as private keys, or sensitive plaintext. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3712
CVE-2022-22807 A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML (All Versions prior to SP8 Version 01 V4.0.0.13) 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-22807
CVE-2021-3618 ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to the victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3618
CVE-2022-2996 A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2996
CVE-2021-43804 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43804
CVE-2022-32323 AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-32323
CVE-2022-36069 Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are constructed using user input (e.g. the repository URL). When building the commands, Poetry correctly avoids Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe, because the exploit still works when the victim tries to make sure nothing can happen, e.g. by vetting any Git or Poetry config files that might be present in the directory. Versions 1.1.9 and 1.2.0b1 contain patches for this issue. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36069
CVE-2022-36070 Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the `PATH` environment variable afterward. This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe. The victim could also not protect themself by vetting any Git or Poetry config files that might be present in the directory, because the behavior is undocumented. Versions 1.1.9 and 1.2.0b1 contain patches for this issue. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36070
CVE-2022-30170 Windows Credential Roaming Service Elevation of Privilege Vulnerability. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30170
CVE-2022-38011 Raw Image Extension Remote Code Execution Vulnerability. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-38011
CVE-2022-38020 Visual Studio Code Elevation of Privilege Vulnerability. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-38020
CVE-2021-23337 Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-23337
CVE-2022-36323 Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-36323
CVE-2020-26938 In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern [a-zA-Z][a-zA-Z0-9+.-]+: before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-26938
CVE-2022-37458 Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-37458
CVE-2022-36754 Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-36754
CVE-2022-2565 The Simple Payment Donations Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-2565
CVE-2021-28398 A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-28398
CVE-2022-23683 Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-23683
CVE-2022-2438 The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the $log_file value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-2438
CVE-2022-2442 The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the path parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-2442
CVE-2022-37108 An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the Manage Ingesters permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users crontab files. The patch for this was present in SNYPR version 6.4 Jun 2022 R3_[06170871], but may have been introduced sooner. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-37108
CVE-2022-37780 Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-37780
CVE-2022-1807 Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-1807
CVE-2022-37777 Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-37777
CVE-2022-37778 Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-37778
CVE-2022-37779 Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-37779
CVE-2022-38255 Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38255
CVE-2022-38260 Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38260
CVE-2022-29061 An improper neutralization of special elements used in an OS command (OS Command Injection) vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-29061
CVE-2022-38272 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38272
CVE-2022-38273 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38273
CVE-2022-38274 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38274
CVE-2022-38275 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38275
CVE-2022-38276 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38276
CVE-2022-38277 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38277
CVE-2022-38278 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38278
CVE-2022-38279 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38279
CVE-2022-38280 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38280
CVE-2022-38281 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38281
CVE-2022-38282 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38282
CVE-2022-38283 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38283
CVE-2022-38284 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38284
CVE-2022-38285 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38285
CVE-2022-38286 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-38286
CVE-2022-0995 An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0995
CVE-2022-35822 Windows Defender Credential Guard Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-34709. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35822
CVE-2022-1404 Delta Electronics CNCSoft All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1404
CVE-2022-2901 Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2901
CVE-2022-2590 A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-2590
CVE-2022-3028 A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-3028
CVE-2022-1729 A race condition was found in the Linux kernel in perf_event_open, which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-1729
CVE-2022-26859 Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-26859
CVE-2022-31251 An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-31251
CVE-2022-26928 Windows Photo Import API Elevation of Privilege Vulnerability. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-26928
CVE-2022-34725 Windows ALPC Elevation of Privilege Vulnerability. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-34725
CVE-2021-38398 The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38398
CVE-2021-35567 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35567
CVE-2021-35097 Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35097
CVE-2021-35108 Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35108
CVE-2021-35109 Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35109
CVE-2021-35113 Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35113
CVE-2022-23691 A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23691
CVE-2021-1441 A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of parameters passed to a diagnostic script that is executed when the device boots up. An attacker could exploit this vulnerability by tampering with an executable file stored on a device. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need administrative level credentials (level 15) on the device. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-1441
CVE-2022-21499 KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21499
CVE-2021-35133 Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-35133
CVE-2022-26448 In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07063849; Issue ID: ALPS07063849. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26448
CVE-2022-26449 In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177810; Issue ID: ALPS07177810. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26449
CVE-2022-26451 In ged, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07202966; Issue ID: ALPS07202966. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26451
CVE-2022-26453 In teei, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06664675; Issue ID: ALPS06664675. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26453
CVE-2022-26454 In teei, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06664701; Issue ID: ALPS06664701. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26454
CVE-2022-26455 In gz, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177858; Issue ID: ALPS07177858. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26455
CVE-2022-26457 In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138490; Issue ID: ALPS07138490. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26457
CVE-2022-26458 In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032678; Issue ID: ALPS07032678. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26458
CVE-2022-26460 In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032590; Issue ID: ALPS07032590. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26460
CVE-2022-26461 In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032604; Issue ID: ALPS07032604. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26461
CVE-2022-26464 In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032699; Issue ID: ALPS07032699. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26464
CVE-2022-26465 In audio ipi, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558799; Issue ID: ALPS06558799. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26465
CVE-2022-26466 In audio ipi, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558777; Issue ID: ALPS06558777. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26466
CVE-2022-26467 In rpmb, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07167738; Issue ID: ALPS07167738. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26467
CVE-2022-26470 In aie, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07116037; Issue ID: ALPS07116037. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26470
CVE-2022-36670 PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-36670
CVE-2022-37771 IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-37771
CVE-2022-1015 A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2022-1015
CVE-2022-26468 In preloader usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07168125; Issue ID: ALPS07168125. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2022-26468
CVE-2016-0502 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2016-0502
CVE-2020-6611 GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6611
CVE-2020-6615 GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6615
CVE-2020-13510 An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13510
CVE-2020-13511 An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13511
CVE-2020-13516 An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13516
CVE-2020-13518 An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13518
CVE-2021-29447 WordPress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29447
CVE-2021-26414 Windows DCOM Server Security Feature Bypass 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26414
CVE-2020-20230 Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20230
CVE-2020-21600 libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21600
CVE-2020-21602 libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21602
CVE-2021-41115 Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure linkifiers that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages that exploited it. A regular expression attempted to parse the user-provided regexes to verify that they were safe from ReDoS -- this was both insufficient, as well as _itself_ subject to ReDoS if the organization administrator entered a sufficiently complex invalid regex. Affected users should upgrade to the just-released Zulip 4.7 (https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release), or `main` (https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41115
CVE-2021-43998 HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43998
CVE-2022-0155 follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0155
CVE-2022-22592 A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22592
CVE-2022-27337 A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27337
CVE-2022-27776 An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27776
CVE-2022-2056 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2056
CVE-2022-2057 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2057
CVE-2022-34903 GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34903
CVE-2022-29900 Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29900
CVE-2022-29901 Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29901
CVE-2022-31151 Authorization headers are cleared on cross-origin redirect. However, cookie headers, which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (i.e., an open redirector) to leak the cookie to the 3rd party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31151
CVE-2021-46830 A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46830
CVE-2022-2330 Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 and 11.6.600 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2330
CVE-2022-34368 Dell EMC NetWorker 19.2.1.x, 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34368
CVE-2022-34375 Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34375
CVE-2022-27560 HCL VersionVault Express exposes administrator credentials. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27560
CVE-2022-2521 It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2521
CVE-2022-38812 AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38812
CVE-2022-36449 An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36449
CVE-2022-36055 Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings into Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `--set`, `--set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36055
CVE-2022-28199 NVIDIA’s distribution of the Data Plane Development Kit MLNX_DPDK contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28199
CVE-2020-4301 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-4301
CVE-2021-20468 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20468
CVE-2021-29823 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29823
CVE-2022-1632 An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1632
CVE-2022-2238 A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2238
CVE-2022-2308 A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2308
CVE-2022-2403 A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2403
CVE-2022-36593 kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at controller/FileController.java. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36593
CVE-2022-39196 Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute URL. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39196
CVE-2022-38749 Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38749
CVE-2022-38751 Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38751
CVE-2022-38752 Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38752
CVE-2022-34882 Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34882
CVE-2021-43076 An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43076
CVE-2022-29062 Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allow an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29062
CVE-2022-2402 The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2402
CVE-2022-34867 Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0.8. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34867
CVE-2022-38528 Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38528
CVE-2021-36782 A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36782
CVE-2021-36783 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36783
CVE-2022-36659 xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_write. This vulnerability allows attackers to cause a Denial of Service via unspecified vectors. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36659
CVE-2022-36661 xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_read. This vulnerability allows attackers to cause a Denial of Service via unspecified vectors. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36661
CVE-2022-36423 OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads to a stack overflow vulnerability during recursive parsing. LAN attackers can cause a DoS attack on all network devices. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36423
CVE-2022-37299 An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via static/ueditor/php/controller.php. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37299
CVE-2022-37959 Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37959
CVE-2022-38006 Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-35837. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38006
CVE-2022-26450 In apusys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177801; Issue ID: ALPS07177801. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26450
CVE-2022-1677 In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1677
CVE-2022-21385 A flaw in net_rds_alloc_sgs in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. 6.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21385
CVE-2019-10219 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-10219
CVE-2020-9281 A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted protected comment (with the cke_protected syntax). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-9281
CVE-2021-35043 OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058; as the replacement for the : character. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-35043
CVE-2021-39191 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39191
CVE-2021-39205 Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39205
CVE-2021-43787 Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43787
CVE-2022-0235 node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0235
CVE-2021-46379 DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46379
CVE-2022-34911 An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34911
CVE-2022-34912 An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34912
CVE-2022-31160 jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31160
CVE-2022-1355 A stack buffer overflow flaw was found in Libtiff's tiffcp.c in main function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1355
CVE-2022-36583 DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at dede/co_do.php via the dopost, rpok, and aid parameters. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36583
CVE-2022-35933 This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35933
CVE-2022-3123 Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3123
CVE-2022-2543 The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2543
CVE-2022-26114 An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26114
CVE-2022-2518 The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2518
CVE-2022-38131 RStudio Connect is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38131
CVE-2022-37731 ftcms 2.1 poster.PHP has an XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user/administrator to trigger malicious code when accessing. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-37731
CVE-2022-36080 Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, an attacker could capture users' session cookies or execute malicious Javascript when a victim edits a markdown file. Version 1.7.1 fixes this issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36080
CVE-2020-19914 Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-19914
CVE-2022-38248 Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38248
CVE-2022-38249 Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38249
CVE-2022-38254 Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38254
CVE-2022-3138 Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3138
CVE-2022-3148 Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3148
CVE-2022-36097 XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the corresponding attachment. This issue has been patched in XWiki 14.4-rc-1. As a workaround, one may copy `moveStep1.vm` to `webapp/xwiki/templates/moveStep1.vm` and replace vulnerable code with code from the patch. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36097
CVE-2022-34709 Windows Defender Credential Guard Security Feature Bypass Vulnerability. 6 https://nvd.nist.gov/vuln/detail/CVE-2022-34709
CVE-2020-8617 Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-8617
CVE-2020-28168 Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-28168
CVE-2021-23841 The OpenSSL public API function X509_issuer_and_serial_hash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-23841
CVE-2021-2161 Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-2161
CVE-2021-35550 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-35550
CVE-2021-4160 There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-4160
CVE-2022-23634 Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-23634
CVE-2022-24302 In Paramiko before 2.10.1, a race condition between creation and chmod in the write_private_key_file function could allow unauthorized information disclosure. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-24302
CVE-2022-34716 .NET Spoofing Vulnerability. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-34716
CVE-2022-2758 All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming software are affected where passwords are not adequately encrypted during the communication process between the XG5000 software and the affected PLC. This would allow an attacker to identify and decrypt the affected PLC’s password by sniffing the traffic. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-2758
CVE-2022-38153 An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-38153
CVE-2021-44718 wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-44718
CVE-2022-23678 A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-23678
CVE-2022-36072 SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the `0e` symbols were being handled as zero multiplied with the `e` number. Therefore, the hash value was equal to 0. The maintainers fixed this in version 1.1.9 by using `===` instead of `==` in comparisons where it is possible (e.g. on sign in/sign up handlers). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-36072
CVE-2019-25076 The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack. 5.8 https://nvd.nist.gov/vuln/detail/CVE-2019-25076
CVE-2022-35962 Zulip is an open source team chat and Zulip Mobile is an app for iOS and Android users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-35962
CVE-2020-8446 In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8446
CVE-2020-8448 In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8448
CVE-2020-13517 An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13517
CVE-2021-29338 Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directory that contains 1048576 files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29338
CVE-2020-21675 A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21675
CVE-2020-21676 A stack-based buffer overflow in the genpstrx_text component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21676
CVE-2021-26337 Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26337
CVE-2021-39048 IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39048
CVE-2021-45958 UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45958
CVE-2021-34600 Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34600
CVE-2021-22570 Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22570
CVE-2021-46665 MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46665
CVE-2021-46668 MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46668
CVE-2020-6920 Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6920
CVE-2021-44269 An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue is triggered in function WavpackPackSamples of file src/pack_utils.c: the tainted variable cnt is too large, which makes pointer sptr read beyond the heap bound. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44269
CVE-2022-27939 tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27939
CVE-2022-1122 A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free on an uninitialized pointer, leading to a segmentation fault and a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1122
CVE-2022-1420 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1420
CVE-2022-21151 Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21151
CVE-2022-21504 The code in UEK6 U3 was missing an appropriate file descriptor count. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attacker with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21504
CVE-2022-36313 An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36313
CVE-2022-36879 An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36879
CVE-2022-2497 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2497
CVE-2022-34704 Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34710, CVE-2022-34712. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34704
CVE-2022-34708 Windows Kernel Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30197. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34708
CVE-2022-34710 Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34704, CVE-2022-34712. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34710
CVE-2022-34712 Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34704, CVE-2022-34710. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34712
CVE-2022-26373 Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26373
CVE-2021-3997 A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3997
CVE-2022-1016 A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle return with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1016
CVE-2020-35538 A crafted input file could cause a null pointer dereference in jcopy_sample_rows when processed by libjpeg-turbo. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35538
CVE-2022-1263 A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1263
CVE-2022-1325 A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1325
CVE-2022-1354 A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in TIFFReadRawDataStriped function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1354
CVE-2022-1975 There is a sleep-in-atomic bug in net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1975
CVE-2022-28625 A local disclosure of sensitive information vulnerability was discovered in HPE OneView versions: Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28625
CVE-2020-27784 A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl printer_ioctl tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27784
CVE-2020-35530 In LibRaw, there is an out-of-bounds write vulnerability within the new_node function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35530
CVE-2020-35531 In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35531
CVE-2020-35532 In LibRaw, an out-of-bounds read vulnerability exists within the simple_decode_row function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35532
CVE-2020-35533 In LibRaw, an out-of-bounds read vulnerability exists within the LibRaw::adobe_copy_pixel function (libraw\src\decoders\dng.cpp) when reading data from the image file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35533
CVE-2020-35534 In LibRaw, there is a memory corruption vulnerability within the crxFreeSubbandData function (libraw\src\decoders\crx.cpp) when processing cr3 files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35534
CVE-2020-35535 In LibRaw, there is an out-of-bounds read vulnerability within the LibRaw::parseSonySRF function (libraw\src\metadata\sony.cpp) when processing srf files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35535
CVE-2022-3061 Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl interface. The driver doesn't check the value of pixclock, so it may cause a divide by zero error. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3061
CVE-2021-39009 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39009
CVE-2021-39045 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39045
CVE-2022-1615 In Samba, GnuTLS gnutls_rnd can fail and give predictable random values. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1615
CVE-2022-2806 It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2806
CVE-2022-38126 Assertion fail in the display_debug_names function in binutils/dwarf.c may lead to program crash and denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38126
CVE-2022-38127 A NULL pointer dereference in the read_and_display_attr_value function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38127
CVE-2022-38128 An infinite loop may be triggered in display_debug_abbrev function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38128
CVE-2022-3078 An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3078
CVE-2022-39190 An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39190
CVE-2021-35135 A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35135
CVE-2022-22101 Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22101
CVE-2022-34378 Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34378
CVE-2022-36647 PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header at source/common/header.cc:269. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36647
CVE-2022-38750 Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38750
CVE-2022-2775 The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2775
CVE-2022-25309 A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the --caprtl option, leading to a crash and causing a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25309
CVE-2022-25310 A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25310
CVE-2022-3153 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3153
CVE-2022-36848 Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36848
CVE-2022-36854 Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows an attacker to access unauthorized information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36854
CVE-2022-38064 OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38064
CVE-2022-34723 Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34723
CVE-2022-34728 Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-35837, CVE-2022-38006. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34728
CVE-2022-35831 Windows Remote Access Connection Manager Information Disclosure Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35831
CVE-2022-35832 Windows Event Tracing Denial of Service Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35832
CVE-2021-41802 HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-41802
CVE-2022-21702 Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clicked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21702
CVE-2021-34590 In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-34590
CVE-2022-30874 There is a Cross Site Scripting (Stored XSS) vulnerability in NukeViet CMS before 4.5.02. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-30874
CVE-2022-31097 Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch. As a workaround, it is possible to disable alerting or use legacy alerting. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-31097
CVE-2022-31677 An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-31677
CVE-2022-33935 Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-33935
CVE-2022-38790 Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-38790
CVE-2022-25370 Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-25370
CVE-2022-36639 A stored cross-site scripting (XSS) vulnerability in client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36639
CVE-2022-2597 The Visual Portfolio, Photo Gallery Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2597
CVE-2022-3127 Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-3127
CVE-2021-43080 An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-43080
CVE-2022-1628 The Simple SEO plugin for WordPress is vulnerable to attribute-based stored Cross-Site Scripting in versions up to, and including 1.7.91, due to insufficient sanitization or escaping on the SEO social and standard title parameters. This can be exploited by authenticated users with Contributor and above permissions to inject arbitrary web scripts into posts/pages that execute whenever an administrator accesses the page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1628
CVE-2022-2430 The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Text Block feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2430
CVE-2022-2515 The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `pro_version_activation_code` parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those without administrative capabilities when access is granted to those users, to inject arbitrary web scripts in page that will execute whenever a user role having access to Simple Banner accesses the plugin's settings. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2515
CVE-2022-2516 The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page Title value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2516
CVE-2022-2517 The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the Caption - On Hover value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2517
CVE-2022-2695 The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the caption parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2695
CVE-2022-2716 The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the Text Editor block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2716
CVE-2022-2934 The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the Image URL value found in the Media block in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2934
CVE-2022-2935 The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the "Who Can Edit?" setting then this can be exploited by those users. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2935
CVE-2022-2936 The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the "Who Can Edit?" setting then this can be exploited by those users. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2936
CVE-2022-31792 A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. A remote attacker can potentially execute arbitrary JavaScript code in the management web interface by sending crafted requests to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-31792
CVE-2022-37253 Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized POST parameter 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-37253
CVE-2022-2925 Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2925
CVE-2022-37407 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-37407
CVE-2022-40191 Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-40191
CVE-2022-38639 A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-38639
CVE-2020-14370 An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14370
CVE-2020-28500 Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-28500
CVE-2021-2163 Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-2163
CVE-2021-38554 HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-38554
CVE-2021-27668 HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-27668
CVE-2021-35556 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35556
CVE-2021-35559 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35559
CVE-2021-35561 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35561
CVE-2021-35564 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35564
CVE-2021-35565 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35565
CVE-2021-35578 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service partial DOS of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 Availability impacts. CVSS Vector: CVSS:3.1AV:NAC:LPR:NUI:NS:UC:NI:NA:L. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35578
CVE-2021-35586 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service partial DOS of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code e.g., code that comes from the internet and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 Availability impacts. CVSS Vector: CVSS:3.1AV:NAC:LPR:NUI:NS:UC:NI:NA:L. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35586
CVE-2022-21271 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21271
CVE-2022-21277 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21277
CVE-2022-21282 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21282
CVE-2022-21283 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21283
CVE-2022-21291 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21291
CVE-2022-21293 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21293
CVE-2022-21294 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21294
CVE-2022-21296 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21296
CVE-2022-21299 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21299
CVE-2022-21305 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21305
CVE-2022-21340 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21340
CVE-2022-21341 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21341
CVE-2022-21349 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21349
CVE-2022-21360 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21360
CVE-2022-21365 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21365
CVE-2022-21366 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21366
CVE-2022-0396 BIND 9.16.11 - 9.16.26, 9.17.0 - 9.18.0 and versions 9.16.11-S1 - 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0396
CVE-2021-42778 A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42778
CVE-2021-42779 A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42779
CVE-2021-42780 A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42780
CVE-2021-42781 Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42781
CVE-2021-42782 Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42782
CVE-2022-36046 Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com)) are not affected along with similar environments where `next-server` isn't being shared across requests. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36046
CVE-2022-1841 In subsys/net/ip/tcp.c, function tcp_flags, when the incoming parameter flags is ECN or CWR, the buf will out-of-bounds write a byte zero. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1841
CVE-2022-2663 An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2663
CVE-2022-36638 An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36638
CVE-2022-2376 The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2376
CVE-2022-38367 The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-38367
CVE-2022-23690 A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23690
CVE-2022-2461 The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the tp_translation AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2461
CVE-2022-2462 The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the tp_history AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2462
CVE-2022-2939 The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the author parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the user requested is displayed. This can be used by unauthenticated attackers to gather information about users that can be targeted in further attacks. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2939
CVE-2022-36032 ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` being confused with cookies that decode to such a prefix, allowing an attacker to forge a cookie which is supposed to be secure. This issue is fixed in ReactPHP HTTP version 1.7.0. As a workaround, Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any unexpected `Cookie` request headers. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36032
CVE-2022-32277 Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-32277
CVE-2022-1522 The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1522
CVE-2022-36082 mangadex-downloader is a command-line tool to download manga from MangaDex. When using `file:location` command and `location` is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains a patch for this issue. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36082
CVE-2022-36083 JOSE is JSON Web Almost Everything - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using the runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named `p2c` (PBES2 Count), which determines how many PBKDF2 iterations must be executed in order to derive a CEK wrapping key. The purpose of this parameter is to intentionally slow down the key derivation function in order to make password brute-force and dictionary attacks more expensive. This makes the PBES2 algorithms unsuitable for situations where the JWE is coming from an untrusted source: an adversary can intentionally pick an extremely high PBES2 Count value, that will initiate a CPU-bound computation that may take an unreasonable amount of time to finish. Under certain conditions, it is possible to have the user's environment consume an unreasonable amount of CPU time. The impact is limited only to users utilizing the JWE decryption APIs with symmetric secrets to decrypt JWEs from untrusted parties who do not limit the accepted JWE Key Management Algorithms (`alg` Header Parameter) using the `keyManagementAlgorithms` (or `algorithms` in v1.x) decryption option or through other means. The `v1.28.2`, `v2.0.6`, `v3.20.4`, and `v4.9.2` releases limit the maximum PBKDF2 iteration count to `10000` by default. It is possible to adjust this limit with a newly introduced `maxPBES2Count` decryption option. If users are unable to upgrade their required library version, they have two options depending on whether they expect to receive JWEs using any of the three PBKDF2-based JWE key management algorithms. They can use the `keyManagementAlgorithms` decryption option to disable accepting PBKDF2 altogether, or they can inspect the JOSE Header prior to using the decryption API and limit the PBKDF2 iteration count (`p2c` Header Parameter). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36083
CVE-2022-37146 The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider take significantly longer than those for invalid users, allowing for valid users to be enumerated by an unauthenticated remote attacker. Note that the lockout policy implemented in Plextrac version 1.17.0 makes it impossible to distinguish between valid, locked user accounts and user accounts that do not exist, but does not prevent valid, unlocked users from being enumerated. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-37146
CVE-2022-20863 A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the interface, potentially allowing the attacker to conduct phishing or spoofing attacks. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-20863
CVE-2022-27967 Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to WebAppSettingsExclusionGetExclusionsProfiles. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-27967
CVE-2022-27968 Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to WebAppSettingsFileMonitorGetFileMonitorProfiles. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-27968
CVE-2022-27969 Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to WebAppDeceptionUserGetAllDeceptionUsers. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-27969
CVE-2022-36861 Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36861
CVE-2021-43788 Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. 5 https://nvd.nist.gov/vuln/detail/CVE-2021-43788
CVE-2022-35837 Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006. 5 https://nvd.nist.gov/vuln/detail/CVE-2022-35837
CVE-2021-45042 In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user with write permissions to a kv secrets engine to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-45042
CVE-2021-32570 In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in the ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log files, under a common path, and read information stored in the log files in order to conduct privilege escalation. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-32570
CVE-2022-0718 A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-0718
CVE-2022-23452 An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-23452
CVE-2022-2764 A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-2764
CVE-2022-39194 An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions including page moves were performed. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-39194
CVE-2022-2717 The JoomSport – for Sports: Team League, Football, Hockey more plugin for WordPress is vulnerable to SQL Injection via the orderby parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-2717
CVE-2022-2718 The JoomSport – for Sports: Team League, Football, Hockey more plugin for WordPress is vulnerable to SQL Injection via the orderby parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-2718
CVE-2022-2943 The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-2943
CVE-2020-10462 Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10462
CVE-2020-10463 Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10463
CVE-2020-10464 Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10464
CVE-2020-10465 Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10465
CVE-2020-10466 Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10466
CVE-2020-10467 Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10467
CVE-2020-10468 Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10468
CVE-2020-10469 Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10469
CVE-2020-10470 Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10470
CVE-2020-10472 Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10472
CVE-2020-10473 Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10473
CVE-2020-10474 Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10474
CVE-2020-10475 Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10475
CVE-2020-10476 Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10476
CVE-2020-10477 Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10477
CVE-2021-29425 In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo" or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29425
CVE-2022-36325 Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36325
CVE-2022-37679 Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37679
CVE-2022-39839 Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39839
CVE-2022-39840 Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39840
CVE-2022-39049 An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39049
CVE-2022-39050 An attacker who is logged into OTRS as an admin user may manipulate the customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external data sources (e.g. database or ldap). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39050
CVE-2022-2271 The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2271
CVE-2021-36829 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop Launcher: Coming Soon Maintenance Mode plugin = 1.0.11 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36829
CVE-2022-2473 The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templates[browsingpage][text]’ parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2473
CVE-2022-2941 The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the Naming Conventions section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2941
CVE-2022-34656 Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin = 1.7.4 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34656
CVE-2022-36057 Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36057
CVE-2022-38247 Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38247
CVE-2022-38251 Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38251
CVE-2022-35275 Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin = 3.3.1 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35275
CVE-2022-35725 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin = 7.5 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35725
CVE-2022-36356 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy Thirty8 Digital Culture Object plugin = 4.0.1 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36356
CVE-2022-37335 Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA's Word Search Puzzles game plugin = 2.0.1 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37335
CVE-2022-37403 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela's Add User Role plugin = 0.0.1 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37403
CVE-2022-37404 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar's add2fav plugin = 1.0 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37404
CVE-2022-37412 Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Galerio Urdas Better Delete Revision plugin = 1.6.1 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37412
CVE-2022-38068 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin = 1.1.0 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38068
CVE-2021-3521 There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-3521
CVE-2022-39188 An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-39188
CVE-2022-38170 In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-38170
CVE-2022-40307 An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-40307
CVE-2022-36850 Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-36850
CVE-2022-20066 In atf hwfde, there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-20066
CVE-2022-26456 In vow, there is a possible information disclosure due to a symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545473; Issue ID: ALPS06545473. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26456
CVE-2022-26459 In vow, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032634; Issue ID: ALPS07032634. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26459
CVE-2022-26462 In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032660; Issue ID: ALPS07032660. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26462
CVE-2022-26463 In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032686; Issue ID: ALPS07032686. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26463
CVE-2020-10479 CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10479
CVE-2020-10481 CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10481
CVE-2020-10482 CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10482
CVE-2020-10483 CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10483
CVE-2020-10484 CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10484
CVE-2020-10485 CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10485
CVE-2020-10486 CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10486
CVE-2021-2369 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-2369
CVE-2022-21713 Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21713
CVE-2022-0897 A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0897
CVE-2022-36048 Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer’s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36048
CVE-2022-2657 The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber, to call them and suspend vendors (reported by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue) for example. Other unauthenticated attacks are also possible, either directly or via CSRF. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2657
CVE-2022-23686 Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions: AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23686
CVE-2022-23687 Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions: AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23687
CVE-2022-23688 Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions: AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23688
CVE-2022-23689 Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions: AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23689
CVE-2022-2432 The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to update plugin options granted they can trick a site administrator into performing an action such as clicking on a link. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2432
CVE-2022-33177 Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin = 9.2.1 at WordPress leading to Translations Update. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-33177
CVE-2022-38058 Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-38058
CVE-2019-0197 A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Servers that never enabled the h2 protocol or that only enabled it for https: and did not set H2Upgrade on are unaffected by this issue. 4.2 https://nvd.nist.gov/vuln/detail/CVE-2019-0197
CVE-2022-1697 Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation. 4.2 https://nvd.nist.gov/vuln/detail/CVE-2022-1697
CVE-2022-1974 A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. 4.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1974
CVE-2021-23839 OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such a server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list). OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23 function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23 function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-23839
CVE-2021-2432 Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-2432
CVE-2021-35603 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-35603
CVE-2022-21248 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21248
CVE-2020-16116 In kerfufflejobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via .. directory traversal. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-16116
CVE-2020-24654 In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a users home directory. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-24654
CVE-2021-3574 A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3574
CVE-2022-29053 A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29053
CVE-2022-22314 IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22314
CVE-2022-36852 Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36852
CVE-2022-36856 Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36856
CVE-2021-2341 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). 3.1 https://nvd.nist.gov/vuln/detail/CVE-2021-2341
CVE-2021-35588 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). 3.1 https://nvd.nist.gov/vuln/detail/CVE-2021-35588
CVE-2022-36422 Rating increase/decrease via race condition in Lester GaMerZ Chan WP-PostRatings plugin <= 1.89 at WordPress. 3.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36422
CVE-2022-2945 The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the type parameter found in the alm_get_layout function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2022-2945
CVE-2022-35931 Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2022-35931
CVE-2022-36857 Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. 2.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36857
CVE-2001-1583 lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. https://nvd.nist.gov/vuln/detail/CVE-2001-1583
CVE-2003-1229 X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files. https://nvd.nist.gov/vuln/detail/CVE-2003-1229
CVE-2008-2578 Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors. https://nvd.nist.gov/vuln/detail/CVE-2008-2578
CVE-2008-2577 Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors. https://nvd.nist.gov/vuln/detail/CVE-2008-2577
CVE-2009-1191 mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request. https://nvd.nist.gov/vuln/detail/CVE-2009-1191
CVE-2014-3581 The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. https://nvd.nist.gov/vuln/detail/CVE-2014-3581
CVE-2014-8109 mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. https://nvd.nist.gov/vuln/detail/CVE-2014-8109
CVE-2015-2571 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. https://nvd.nist.gov/vuln/detail/CVE-2015-2571
CVE-2015-2573 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. https://nvd.nist.gov/vuln/detail/CVE-2015-2573
CVE-2015-2582 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. https://nvd.nist.gov/vuln/detail/CVE-2015-2582
CVE-2015-2643 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. https://nvd.nist.gov/vuln/detail/CVE-2015-2643
CVE-2015-2648 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. https://nvd.nist.gov/vuln/detail/CVE-2015-2648
CVE-2015-4752 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. https://nvd.nist.gov/vuln/detail/CVE-2015-4752
CVE-2015-4802 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. https://nvd.nist.gov/vuln/detail/CVE-2015-4802
CVE-2015-4815 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. https://nvd.nist.gov/vuln/detail/CVE-2015-4815
CVE-2015-4816 Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. https://nvd.nist.gov/vuln/detail/CVE-2015-4816
CVE-2015-4826 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. https://nvd.nist.gov/vuln/detail/CVE-2015-4826
CVE-2015-4830 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. https://nvd.nist.gov/vuln/detail/CVE-2015-4830
CVE-2015-4858 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. https://nvd.nist.gov/vuln/detail/CVE-2015-4858
CVE-2015-4866 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. https://nvd.nist.gov/vuln/detail/CVE-2015-4866
CVE-2015-4870 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. https://nvd.nist.gov/vuln/detail/CVE-2015-4870
CVE-2022-35913 Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other's paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in Stonewallx2 before the victim can broadcast the collaborative transaction. The attacker does not signal opt in RBF, and uses the lowest fee rate. This would result in the victim being unable to perform Stonewallx2. Note that the attacker could use multiple paynyms. https://nvd.nist.gov/vuln/detail/CVE-2022-35913
CVE-2022-31167 XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it's possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-31167
CVE-2022-30312 The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol for information exchange and automation purposes. This protocol offers authentication in the form of a 4-digit PIN in order to protect access to sensitive operations like strategy uploads and downloads as well as optional 0-30 character username and password protection for web page access protection. Both the PIN and usernames and passwords are transmitted in cleartext, allowing an attacker with passive interception capabilities to obtain these credentials. Credentials are transmitted in cleartext. An attacker who obtains Trend IC credentials can carry out sensitive engineering actions such as manipulating controller strategy or configuration settings. If the credentials in question are reused for other applications, their compromise could potentially facilitate lateral movement. https://nvd.nist.gov/vuln/detail/CVE-2022-30312
CVE-2022-36088 GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or Agent are installed on to modify executables or components of the installation. This does not affect zip file-based installs, installations to other platforms, or installations inside `Program Files` or `Program Files (x86)`. This issue is fixed in GoCD 22.2.0 installers. As a workaround, if the server or agent is installed outside of `Program Files (x86)`, verify the permission of the Server or Agent installation directory to ensure the `Everyone` user group does not have `Full Control`, `Modify` or `Write` permissions. https://nvd.nist.gov/vuln/detail/CVE-2022-36088
CVE-2022-36089 KubeVela is an application delivery platform. Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11 and 1.5.4, VelaUX APIServer uses the `PlatformID` as the signed key to generate the JWT tokens for users. Another API called `getSystemInfo` exposes the platformID. This vulnerability allows users to use the platformID to re-generate the JWT tokens to bypass the authentication. Versions 1.4.11 and 1.5.4 contain a patch for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-36089
CVE-2022-33941 PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as follows: PowerCMS 6.021 and earlier (PowerCMS 6 Series), PowerCMS 5.21 and earlier (PowerCMS 5 Series), and PowerCMS 4.51 and earlier (PowerCMS 4 Series). Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-33941
CVE-2022-36403 Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. https://nvd.nist.gov/vuln/detail/CVE-2022-36403
CVE-2022-38399 Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection. https://nvd.nist.gov/vuln/detail/CVE-2022-38399
CVE-2022-38400 Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL. https://nvd.nist.gov/vuln/detail/CVE-2022-38400
CVE-2022-37164 Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. https://nvd.nist.gov/vuln/detail/CVE-2022-37164
CVE-2022-37857 bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default. https://nvd.nist.gov/vuln/detail/CVE-2022-37857
CVE-2022-36092 XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes title, content and comments of any document and properties of objects, though class and property name must be known. This is also exploitable on private wikis. This has been patched in versions 14.2 and 13.10.4 by properly checking view rights before loading documents and disallowing non-default templates in the login, registration and skin action. As a workaround, it would be possible to protect all templates individually by adding code to check access rights first. https://nvd.nist.gov/vuln/detail/CVE-2022-36092
CVE-2022-36093 XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially giving the attacker access to the wiki. Depending on the configured default rights of users, this could also give attackers write access to an otherwise read-only public wiki. Users can also be created when an external authentication system like LDAP is configured, but authentication fails unless the authentication system supports a bypass/local accounts are enabled in addition to the external authentication system. This issue has been patched in XWiki 13.10.5 and 14.3RC1. As a workaround, one may replace `xpart.vm`, the entry point for this attack, by a patched version from the patch without updating XWiki. https://nvd.nist.gov/vuln/detail/CVE-2022-36093
CVE-2022-38256 TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. https://nvd.nist.gov/vuln/detail/CVE-2022-38256
CVE-2022-38258 A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. https://nvd.nist.gov/vuln/detail/CVE-2022-38258
CVE-2022-3167 Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. https://nvd.nist.gov/vuln/detail/CVE-2022-3167
CVE-2022-36094 XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it's possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascript in its name. This issue has been patched in XWiki 13.10.6 and 14.3RC1. As a workaround, it is possible to replace `viewattachrev.vm`, the entry point for this attack, by a patched version from the patch without updating XWiki. https://nvd.nist.gov/vuln/detail/CVE-2022-36094
CVE-2022-36095 XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there. https://nvd.nist.gov/vuln/detail/CVE-2022-36095
CVE-2022-36099 XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request URL parameter using the `XWikiServerClassSheet` if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a public read-only XWiki installation or a private XWiki installation where the user has an account. This allows arbitrary Groovy/Python/Velocity code execution which allows bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. Also, this could be used to impact the availability of the wiki. This has been patched in versions 13.10.6 and 14.4. As a workaround, edit the affected document `XWiki.XWikiServerClassSheet` or `WikiManager.XWikiServerClassSheet` and manually perform the changes from the patch fixing the issue. On XWiki versions 12.0 and later, it is also possible to import the document `XWiki.XWikiServerClassSheet` from the xwiki-platform-wiki-ui-mainwiki package version 14.4 using the import feature of the administration application as there have been no other changes to this document since XWiki 12.0. https://nvd.nist.gov/vuln/detail/CVE-2022-36099
CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document `Main.Tags` in XWiki didn't sanitize user inputs properly. This allowed users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. This also allowed bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. The vulnerability could be used to impact the availability of the wiki. On XWiki versions before 13.10.4 and 14.2, this can be combined with CVE-2022-36092, meaning that no rights are required to perform the attack. The vulnerability has been patched in versions 13.10.6 and 14.4. As a workaround, the patch that fixes the issue can be manually applied to the document `Main.Tags` or the updated version of that document can be imported from version 14.4 of xwiki-platform-tag-ui using the import feature in the administration UI on XWiki 10.9 and later. https://nvd.nist.gov/vuln/detail/CVE-2022-36100
CVE-2022-38265 Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php. https://nvd.nist.gov/vuln/detail/CVE-2022-38265
CVE-2022-38267 School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=. https://nvd.nist.gov/vuln/detail/CVE-2022-38267
CVE-2022-38268 School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=. https://nvd.nist.gov/vuln/detail/CVE-2022-38268
CVE-2022-38269 School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit&id=. https://nvd.nist.gov/vuln/detail/CVE-2022-38269
CVE-2022-40297 UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. https://nvd.nist.gov/vuln/detail/CVE-2022-40297
CVE-2022-2528 In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. https://nvd.nist.gov/vuln/detail/CVE-2022-2528
CVE-2020-10735 A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. https://nvd.nist.gov/vuln/detail/CVE-2020-10735
CVE-2022-26390 The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2022-26390
CVE-2022-26392 The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2022-26392
CVE-2022-26393 The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM. https://nvd.nist.gov/vuln/detail/CVE-2022-26393
CVE-2022-26394 The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail. https://nvd.nist.gov/vuln/detail/CVE-2022-26394
CVE-2022-2526 A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io function and dns_stream_complete function in resolved-dns-stream.c not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. https://nvd.nist.gov/vuln/detail/CVE-2022-2526
CVE-2022-2905 An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. https://nvd.nist.gov/vuln/detail/CVE-2022-2905
CVE-2022-2964 A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. https://nvd.nist.gov/vuln/detail/CVE-2022-2964
CVE-2022-36280 An out-of-bounds (OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file /dev/dri/renderD128 (or Dxxx). This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). https://nvd.nist.gov/vuln/detail/CVE-2022-36280
CVE-2022-36376 Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress. https://nvd.nist.gov/vuln/detail/CVE-2022-36376
CVE-2022-36851 Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. https://nvd.nist.gov/vuln/detail/CVE-2022-36851
CVE-2022-36859 Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices. https://nvd.nist.gov/vuln/detail/CVE-2022-36859
CVE-2022-36864 Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior. https://nvd.nist.gov/vuln/detail/CVE-2022-36864
CVE-2022-36865 Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. https://nvd.nist.gov/vuln/detail/CVE-2022-36865
CVE-2022-36866 Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. https://nvd.nist.gov/vuln/detail/CVE-2022-36866
CVE-2022-36867 Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2022-36867
CVE-2022-36869 Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission. https://nvd.nist.gov/vuln/detail/CVE-2022-36869
CVE-2022-36870 Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. https://nvd.nist.gov/vuln/detail/CVE-2022-36870
CVE-2022-36871 Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. https://nvd.nist.gov/vuln/detail/CVE-2022-36871
CVE-2022-36872 Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. https://nvd.nist.gov/vuln/detail/CVE-2022-36872
CVE-2022-36873 Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device. https://nvd.nist.gov/vuln/detail/CVE-2022-36873
CVE-2022-36874 Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number. https://nvd.nist.gov/vuln/detail/CVE-2022-36874
CVE-2022-36875 Improper restriction of broadcasting Intent in SaWebViewRelayActivity of Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission. https://nvd.nist.gov/vuln/detail/CVE-2022-36875
CVE-2022-36876 Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication. https://nvd.nist.gov/vuln/detail/CVE-2022-36876
CVE-2022-36877 Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log. https://nvd.nist.gov/vuln/detail/CVE-2022-36877
CVE-2022-36878 Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log. https://nvd.nist.gov/vuln/detail/CVE-2022-36878
CVE-2022-37411 Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress. https://nvd.nist.gov/vuln/detail/CVE-2022-37411
CVE-2022-38067 Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. https://nvd.nist.gov/vuln/detail/CVE-2022-38067
CVE-2022-38081 OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control. To take advantage of this weakness, attackers need another vulnerability to obtain system. https://nvd.nist.gov/vuln/detail/CVE-2022-38081
CVE-2022-38096 A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file /dev/dri/renderD128 (or Dxxx). This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). https://nvd.nist.gov/vuln/detail/CVE-2022-38096
CVE-2022-38457 A use-after-free (UAF) vulnerability was found in function vmw_cmd_res_check in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file /dev/dri/renderD128 (or Dxxx). This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). https://nvd.nist.gov/vuln/detail/CVE-2022-38457
CVE-2022-38700 OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. https://nvd.nist.gov/vuln/detail/CVE-2022-38700
CVE-2022-38701 OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2022-38701
CVE-2022-39119 In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed https://nvd.nist.gov/vuln/detail/CVE-2022-39119
CVE-2022-39844 Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction. https://nvd.nist.gov/vuln/detail/CVE-2022-39844
CVE-2022-39845 Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction. https://nvd.nist.gov/vuln/detail/CVE-2022-39845
CVE-2022-39846 DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code. https://nvd.nist.gov/vuln/detail/CVE-2022-39846
CVE-2022-3077 A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case via the ioctl I2C_SMBUS with malicious input data. This flaw could allow a local user to crash the system. https://nvd.nist.gov/vuln/detail/CVE-2022-3077
CVE-2022-3147 Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service. https://nvd.nist.gov/vuln/detail/CVE-2022-3147
CVE-2022-3169 A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. https://nvd.nist.gov/vuln/detail/CVE-2022-3169
CVE-2022-40133 A use-after-free (UAF) vulnerability was found in function vmw_execbuf_tie_context in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file /dev/dri/renderD128 (or Dxxx). This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). https://nvd.nist.gov/vuln/detail/CVE-2022-40133
CVE-2022-28740 aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor. https://nvd.nist.gov/vuln/detail/CVE-2022-28740
CVE-2022-28741 aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x https://nvd.nist.gov/vuln/detail/CVE-2022-28741
CVE-2022-28742 aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application https://nvd.nist.gov/vuln/detail/CVE-2022-28742
CVE-2022-34165 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. https://nvd.nist.gov/vuln/detail/CVE-2022-34165
CVE-2022-36617 Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords. https://nvd.nist.gov/vuln/detail/CVE-2022-36617
CVE-2022-38613 A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system. https://nvd.nist.gov/vuln/detail/CVE-2022-38613
CVE-2022-38614 An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-38614
CVE-2022-38615 SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf. https://nvd.nist.gov/vuln/detail/CVE-2022-38615
CVE-2022-39809 An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks would not be possible. https://nvd.nist.gov/vuln/detail/CVE-2022-39809
CVE-2022-39810 An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be possible. https://nvd.nist.gov/vuln/detail/CVE-2022-39810
CVE-2022-40317 OpenKM 6.3.11 allows stored XSS related to the javascript&colon; substring in an A element. https://nvd.nist.gov/vuln/detail/CVE-2022-40317
CVE-2021-40647 In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the program's memory. https://nvd.nist.gov/vuln/detail/CVE-2021-40647
CVE-2021-40648 In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory. https://nvd.nist.gov/vuln/detail/CVE-2021-40648
CVE-2022-36109 Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `USER $USERNAME` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly. https://nvd.nist.gov/vuln/detail/CVE-2022-36109
CVE-2022-3133 OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0. https://nvd.nist.gov/vuln/detail/CVE-2022-3133
CVE-2021-44835 An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection. https://nvd.nist.gov/vuln/detail/CVE-2021-44835
CVE-2022-31006 indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose. However, the ledger content will not be impacted and the ledger will resume functioning after the attack. This attack exploits the trade-off between resilience and availability. Any protection against abusive client connections will also prevent the network being accessed by certain legitimate users. As a result, validator nodes must tune their firewall rules to ensure the right trade-off for their network's expected users. The guidance to network operators for the use of firewall rules in the deployment of Indy networks has been modified to better protect against denial of service attacks by increasing the cost and complexity in mounting such attacks. The mitigation for this vulnerability is not in the Hyperledger Indy code per se, but rather in the individual deployments of Indy. The mitigations should be applied to all deployments of Indy, and are not related to a particular release. https://nvd.nist.gov/vuln/detail/CVE-2022-31006
CVE-2022-36110 Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1. https://nvd.nist.gov/vuln/detail/CVE-2022-36110
CVE-2022-38638 Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. https://nvd.nist.gov/vuln/detail/CVE-2022-38638
CVE-2022-36087 OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds. https://nvd.nist.gov/vuln/detail/CVE-2022-36087
CVE-2022-40320 cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. https://nvd.nist.gov/vuln/detail/CVE-2022-40320
CVE-2021-37819 PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component textpdfPdfReader.java. https://nvd.nist.gov/vuln/detail/CVE-2021-37819
CVE-2022-38266 An issue in the Leptonica linked library v1.79.0 in Tesseract v5.0.0 allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. https://nvd.nist.gov/vuln/detail/CVE-2022-38266
CVE-2022-39135 In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators. https://nvd.nist.gov/vuln/detail/CVE-2022-39135
CVE-2022-25295 This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\\\\\\\example.com, browser will redirect user to http://example.com. https://nvd.nist.gov/vuln/detail/CVE-2022-25295
CVE-2022-40322 SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579. https://nvd.nist.gov/vuln/detail/CVE-2022-40322
CVE-2022-40323 SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. https://nvd.nist.gov/vuln/detail/CVE-2022-40323
CVE-2022-40324 SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. https://nvd.nist.gov/vuln/detail/CVE-2022-40324
CVE-2022-40325 SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. https://nvd.nist.gov/vuln/detail/CVE-2022-40325
CVE-2022-37794 In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection. https://nvd.nist.gov/vuln/detail/CVE-2022-37794
CVE-2022-37796 In Simple Online Book Store System 1.0 in admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting (XSS). https://nvd.nist.gov/vuln/detail/CVE-2022-37796
CVE-2022-38972 Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script. https://nvd.nist.gov/vuln/detail/CVE-2022-38972
CVE-2022-34108 An issue in the Feature Navigator of Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file. https://nvd.nist.gov/vuln/detail/CVE-2022-34108
CVE-2022-34109 An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \\PromoPhoto\\, regardless of file type or size. https://nvd.nist.gov/vuln/detail/CVE-2022-34109
CVE-2022-34110 An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size. https://nvd.nist.gov/vuln/detail/CVE-2022-34110
CVE-2022-36254 Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as fullname. https://nvd.nist.gov/vuln/detail/CVE-2022-36254
CVE-2022-36255 A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as searchTxt. https://nvd.nist.gov/vuln/detail/CVE-2022-36255
CVE-2022-36256 A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as productcode. https://nvd.nist.gov/vuln/detail/CVE-2022-36256
CVE-2022-36257 A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as users, pass, etc. https://nvd.nist.gov/vuln/detail/CVE-2022-36257
CVE-2022-36258 A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as searchTxt. https://nvd.nist.gov/vuln/detail/CVE-2022-36258
CVE-2022-36259 A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as username, password, etc. https://nvd.nist.gov/vuln/detail/CVE-2022-36259
CVE-2022-37835 Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. https://nvd.nist.gov/vuln/detail/CVE-2022-37835
CVE-2022-37734 graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. https://nvd.nist.gov/vuln/detail/CVE-2022-37734
CVE-2022-37767 Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok https://nvd.nist.gov/vuln/detail/CVE-2022-37767
CVE-2022-37797 In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. https://nvd.nist.gov/vuln/detail/CVE-2022-37797
CVE-2022-3178 Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. https://nvd.nist.gov/vuln/detail/CVE-2022-3178
CVE-2022-37300 A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert, Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior). https://nvd.nist.gov/vuln/detail/CVE-2022-37300
CVE-2022-37860 The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-37860
CVE-2022-1700 Improper Restriction of XML External Entity Reference (XXE) vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022. https://nvd.nist.gov/vuln/detail/CVE-2022-1700
CVE-2022-31220 Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. https://nvd.nist.gov/vuln/detail/CVE-2022-31220
CVE-2022-31221 Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to access sensitive state information on the system. https://nvd.nist.gov/vuln/detail/CVE-2022-31221
CVE-2022-31222 Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash. https://nvd.nist.gov/vuln/detail/CVE-2022-31222
CVE-2022-31223 Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system. https://nvd.nist.gov/vuln/detail/CVE-2022-31223
CVE-2022-31224 Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system. https://nvd.nist.gov/vuln/detail/CVE-2022-31224
CVE-2022-31225 Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. https://nvd.nist.gov/vuln/detail/CVE-2022-31225
CVE-2022-31226 Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system. https://nvd.nist.gov/vuln/detail/CVE-2022-31226
CVE-2022-36101 Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-36101
CVE-2022-36102 Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version 5.7.15. Users can get the update via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-36102
CVE-2022-39200 Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the `/get_missing_events` path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through other endpoints (e.g. `/event`, `/state`) as they have been correctly verified. Homeservers that have federation disabled are not vulnerable. The problem has been fixed in Dendrite 0.9.8. Users are advised to upgrade. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-39200
CVE-2021-44425 An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack and also to any remote destination machine software that is listening to the AnyDesk tunneled port. https://nvd.nist.gov/vuln/detail/CVE-2021-44425
CVE-2021-44426 An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim. https://nvd.nist.gov/vuln/detail/CVE-2021-44426
CVE-2022-29490 Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/detail/CVE-2022-29490
CVE-2022-2979 Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2022-2979
CVE-2022-36173 FreshService macOS Agent 4.4.0 and FreshService Linux Agent 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service. https://nvd.nist.gov/vuln/detail/CVE-2022-36173
CVE-2022-36174 FreshService Windows Agent 2.11.0 and FreshService macOS Agent 4.2.0 and FreshService Linux Agent 3.3.0 are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service. https://nvd.nist.gov/vuln/detail/CVE-2022-36174
CVE-2022-38135 Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. https://nvd.nist.gov/vuln/detail/CVE-2022-38135
CVE-2022-38291 SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. https://nvd.nist.gov/vuln/detail/CVE-2022-38291
CVE-2022-38292 SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. https://nvd.nist.gov/vuln/detail/CVE-2022-38292
CVE-2022-38295 Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. https://nvd.nist.gov/vuln/detail/CVE-2022-38295
CVE-2022-38296 Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. https://nvd.nist.gov/vuln/detail/CVE-2022-38296
CVE-2022-38605 Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php. https://nvd.nist.gov/vuln/detail/CVE-2022-38605
CVE-2022-38606 Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php. https://nvd.nist.gov/vuln/detail/CVE-2022-38606
CVE-2022-38610 Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php. https://nvd.nist.gov/vuln/detail/CVE-2022-38610
CVE-2022-35572 On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, and potentially other vendors/devices due to code reuse, the SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction. https://nvd.nist.gov/vuln/detail/CVE-2022-35572
CVE-2022-38298 Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. https://nvd.nist.gov/vuln/detail/CVE-2022-38298
CVE-2022-38299 An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. https://nvd.nist.gov/vuln/detail/CVE-2022-38299
CVE-2022-38297 UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. https://nvd.nist.gov/vuln/detail/CVE-2022-38297
CVE-2022-38302 Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at maintenancemanage_department.php. https://nvd.nist.gov/vuln/detail/CVE-2022-38302
CVE-2022-38303 Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at employeesmanage_leave_type.php. https://nvd.nist.gov/vuln/detail/CVE-2022-38303
CVE-2022-38304 Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at maintenancemanage_leave_type.php. https://nvd.nist.gov/vuln/detail/CVE-2022-38304
CVE-2022-37011 A vulnerability has been identified in Mendix SAML Module Mendix 7 compatible All versions V1.17.0, Mendix SAML Module Mendix 8 compatible All versions V2.3.0, Mendix SAML Module Mendix 9 compatible All versions V3.3.1. Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `Allow Idp Initiated Authentication` is enabled. https://nvd.nist.gov/vuln/detail/CVE-2022-37011
CVE-2022-37302 A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert V15.1 HF001 and prior. https://nvd.nist.gov/vuln/detail/CVE-2022-37302
CVE-2022-38466 A vulnerability has been identified in CoreShield One-Way Gateway OWG Software All versions V2.2. The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. https://nvd.nist.gov/vuln/detail/CVE-2022-38466
CVE-2022-39158 A vulnerability has been identified in RUGGEDCOM ROS RMC8388 All versions V5.6.0, RUGGEDCOM ROS RS416Pv2 All versions V5.6.0, RUGGEDCOM ROS RS416v2 All versions V5.6.0, RUGGEDCOM ROS RS900 32M All versions V5.6.0, RUGGEDCOM ROS RS900G 32M All versions V5.6.0, RUGGEDCOM ROS RSG2100 32M All versions V5.6.0, RUGGEDCOM ROS RSG2288 All versions V5.6.0, RUGGEDCOM ROS RSG2300 All versions V5.6.0, RUGGEDCOM ROS RSG2300P All versions V5.6.0, RUGGEDCOM ROS RSG2488 All versions V5.6.0, RUGGEDCOM ROS RSG907R All versions V5.6.0, RUGGEDCOM ROS RSG908C All versions V5.6.0, RUGGEDCOM ROS RSG909R All versions V5.6.0, RUGGEDCOM ROS RSG910C All versions V5.6.0, RUGGEDCOM ROS RSG920P All versions V5.6.0, RUGGEDCOM ROS RSL910 All versions v5.6.0, RUGGEDCOM ROS RST2228 All versions v5.6.0, RUGGEDCOM ROS RST2228P All versions V5.6.0, RUGGEDCOM ROS RST916C All versions v5.6.0, RUGGEDCOM ROS RST916P All versions v5.6.0. Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. This could allow a remote attacker to create a denial of service condition that persists until the attack ends. https://nvd.nist.gov/vuln/detail/CVE-2022-39158
CVE-2022-3174 Sensitive Cookie in HTTPS Session Without Secure Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2. https://nvd.nist.gov/vuln/detail/CVE-2022-3174
CVE-2022-3175 Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2. https://nvd.nist.gov/vuln/detail/CVE-2022-3175
CVE-2022-38616 SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at feegroupstgrt_group.jsf. https://nvd.nist.gov/vuln/detail/CVE-2022-38616
CVE-2022-1278 A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. https://nvd.nist.gov/vuln/detail/CVE-2022-1278
CVE-2022-2989 An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. https://nvd.nist.gov/vuln/detail/CVE-2022-2989
CVE-2022-2990 An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. https://nvd.nist.gov/vuln/detail/CVE-2022-2990
CVE-2022-38139 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin = 5.1.3 at WordPress. https://nvd.nist.gov/vuln/detail/CVE-2022-38139
CVE-2022-1602 A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8. https://nvd.nist.gov/vuln/detail/CVE-2022-1602
CVE-2022-36385 A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device. https://nvd.nist.gov/vuln/detail/CVE-2022-36385
CVE-2022-36778 Insert HTML/JS code inside input. How to get to the vulnerable input: Workers > worker nickname > inject in this input the code. https://nvd.nist.gov/vuln/detail/CVE-2022-36778
CVE-2022-36779 PROSCEND - PROSCEND ADVICE .Ltd - G5G Industrial Cellular Router with GPS4 Unauthenticated OS Command Injection Proscend M330-w M33-W5 M350-5G M350-W5G M350-6 M350-W6 M301-G M301-GW ADVICE ICR 111WG https:www.proscend.comencategoryindustrial-Cellular-Routerindustrial-Cellular-Router.html https:cdn.shopify.comsfiles1003694133297filesADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301 https://nvd.nist.gov/vuln/detail/CVE-2022-36779
CVE-2022-36780 Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:portV=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number. https://nvd.nist.gov/vuln/detail/CVE-2022-36780
CVE-2022-36782 Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in PalGate device management Android client app. Gates of buildings and parking lots with a simple button in any smartphone. The API was found after a decompiling and static research using Jadx, and a dynamic analysis using Frida. The attacker can iterate over all the IOT devices to see every entry and exit, on every gate and device all over the world, he can also scrape the server and create a users DB with full names and phone number of over 2.8 million users, and to see all of the users movement in and out of gates, even in real time. https://nvd.nist.gov/vuln/detail/CVE-2022-36782
CVE-2022-38069 Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters. https://nvd.nist.gov/vuln/detail/CVE-2022-38069
CVE-2022-38100 The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CME8000 devices connected to the same network. https://nvd.nist.gov/vuln/detail/CVE-2022-38100
CVE-2022-38453 Multiple binary application files on the CMS8000 device are compiled with not stripped and debug_info compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-38453
CVE-2022-38537 Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface. https://nvd.nist.gov/vuln/detail/CVE-2022-38537
CVE-2022-38538 Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module. https://nvd.nist.gov/vuln/detail/CVE-2022-38538
CVE-2022-38539 Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at archiveapply. https://nvd.nist.gov/vuln/detail/CVE-2022-38539
CVE-2022-38540 Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. https://nvd.nist.gov/vuln/detail/CVE-2022-38540
CVE-2022-38541 Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. https://nvd.nist.gov/vuln/detail/CVE-2022-38541
CVE-2022-38542 Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. https://nvd.nist.gov/vuln/detail/CVE-2022-38542
CVE-2022-3027 The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information. https://nvd.nist.gov/vuln/detail/CVE-2022-3027
CVE-2022-3190 Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file https://nvd.nist.gov/vuln/detail/CVE-2022-3190
CVE-2022-35292 In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability. https://nvd.nist.gov/vuln/detail/CVE-2022-35292
CVE-2022-35294 An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user. https://nvd.nist.gov/vuln/detail/CVE-2022-35294
CVE-2022-35295 Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform Version Management System - versions 420, 430, exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2022-35295
CVE-2022-35298 SAP NetWeaver Enterprise Portal KMC - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session. https://nvd.nist.gov/vuln/detail/CVE-2022-35298
CVE-2022-39014 Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. https://nvd.nist.gov/vuln/detail/CVE-2022-39014
CVE-2022-39799 An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user. https://nvd.nist.gov/vuln/detail/CVE-2022-39799
CVE-2022-39801 SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application. https://nvd.nist.gov/vuln/detail/CVE-2022-39801
CVE-2022-3029 In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the RPKI data that Routinator provides to routers. This may stop your network from validating route origins based on RPKI data. This vulnerability does not allow an attacker to manipulate RPKI data. https://nvd.nist.gov/vuln/detail/CVE-2022-3029
CVE-2022-3170 An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the id-name provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl interface and crash the system or potentially escalate their privileges on the system. https://nvd.nist.gov/vuln/detail/CVE-2022-3170
CVE-2022-36020 The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-36020
CVE-2022-36103 Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR (certificate signing request), a Talos control plane node might issue a Talos API certificate which allows full access to the Talos API on a control plane node. Accessing the Talos API with full level access on a control plane node might reveal sensitive information which allows full level access to the cluster (Kubernetes and Talos PKI, etc.). The Talos API join token is stored in the machine configuration on the worker node. When configured correctly, Kubernetes workloads don't have access to the machine configuration, but due to a misconfiguration a workload might access the machine configuration and reveal the join token. This problem has been fixed in Talos 1.2.2. Enabling the Pod Security Standards mitigates the vulnerability by denying hostPath mounts and host networking by default in the baseline policy. Clusters that don't run untrusted workloads are not affected. Clusters with correct Pod Security configurations which don't allow hostPath mounts, and secure access to cloud metadata server or machine configuration is not supplied via cloud metadata server are not affected. https://nvd.nist.gov/vuln/detail/CVE-2022-36103
CVE-2022-3179 Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. https://nvd.nist.gov/vuln/detail/CVE-2022-3179
CVE-2022-32190 JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, `JoinPath("https://go.dev", "../go")` returns the URL `https://go.dev/../go`, despite the JoinPath documentation stating that ../ path elements are removed from the result. https://nvd.nist.gov/vuln/detail/CVE-2022-32190
CVE-2022-36104 TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-36104
CVE-2022-36105 TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-36105
CVE-2022-36106 TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-36106
CVE-2022-36107 TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-36107
CVE-2022-36108 TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-36108
CVE-2022-39202 matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode commands can only be executed by privileged users, so this can only be abused if an operator is tricked into running the command on behalf of an attacker. The vulnerability has been patched in matrix-appservice-irc 0.35.0. As a workaround users should refrain from entering mode commands suggested by untrusted users. Avoid using multiple modes in a single command. https://nvd.nist.gov/vuln/detail/CVE-2022-39202
CVE-2022-34100 A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation. https://nvd.nist.gov/vuln/detail/CVE-2022-34100
CVE-2022-39203 matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The vulnerability has been patched in matrix-appservice-irc 0.35.0. As a workaround operators may disable dynamic channel joining via `dynamicChannels.enabled` to prevent users from joining new channels, which prevents any new channels being bridged outside of what is already bridged, and what is specified in the config. https://nvd.nist.gov/vuln/detail/CVE-2022-39203
CVE-2022-39205 Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The git-prereceive-callback endpoint is used by the pre-receive git hook on the server to check for branch protections during a push event. It is only intended to be accessed from localhost, but the check relies on the X-Forwarded-For header. Invoking this endpoint leads to the execution of one of various git commands. The environment variables of this command execution can be controlled via query parameters. This allows attackers to write to arbitrary files, which can in turn lead to the execution of arbitrary code. Such an attack would be very hard to detect, which increases the potential impact even more. Users are advised to upgrade. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-39205
CVE-2022-39206 Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system. This issue allows regular (non-admin) users to potentially take over the build infrastructure of a OneDev instance. Attackers need to have an account (or be able to register one) and need permission to create a project. Since code.onedev.io has the right preconditions for this to be exploited by remote attackers, it could have been used to hijack builds of OneDev itself, e.g. by injecting malware into the docker images that are built and pushed to Docker Hub. The impact is increased by this as described before. Users are advised to upgrade to 7.3.0 or higher. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-39206
CVE-2022-39207 Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same context as the UI without any further restrictions. This leads to Cross-Site Scripting (XSS) when a user creates a build artifact that contains HTML. When accessing the artifact, the content is rendered by the browser, including any JavaScript that it contains. Since all cookies (except for the rememberMe one) do not set the HttpOnly flag, an attacker could steal the session of a victim and use it to impersonate them. To exploit this issue, attackers need to be able to modify the content of artifacts, which usually means they need to be able to modify a project's build spec. The exploitation requires the victim to click on an attacker's link. It can be used to elevate privileges by targeting admins of a OneDev instance. In the worst case, this can lead to arbitrary code execution on the server, because admins can create Server Shell Executors and use them to run any command on the server. This issue has been patched in version 7.3.0. Users are advised to upgrade. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-39207
CVE-2022-39208 Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability can be used by unauthenticated attackers to leak all project files of any project. Since project IDs are incremental, an attacker could iterate through them and leak all project data. This issue has been resolved in version 7.3.0 and users are advised to upgrade. There are no known workarounds for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-39208
CVE-2022-40634 Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI. https://nvd.nist.gov/vuln/detail/CVE-2022-40634
CVE-2022-40635 Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. https://nvd.nist.gov/vuln/detail/CVE-2022-40635
CVE-2021-0697 In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-238918403 https://nvd.nist.gov/vuln/detail/CVE-2021-0697
CVE-2021-0871 In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-238921253 https://nvd.nist.gov/vuln/detail/CVE-2021-0871
CVE-2021-0942 The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression: `sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]);` With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct I think it seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel. Product: Android. Versions: Android SoC. Android ID: A-238904312 https://nvd.nist.gov/vuln/detail/CVE-2021-0942
CVE-2021-0943 In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-238916921 https://nvd.nist.gov/vuln/detail/CVE-2021-0943
CVE-2022-20385 A function called nla_parse does not check the len of para; it will check nla_type, which can be controlled by userspace, with maxtype (in this case, it is GSCAN_MAX), then it accesses the policy array policy[type], where the OOB access happens. Product: Android. Versions: Android SoC. Android ID: A-238379819 https://nvd.nist.gov/vuln/detail/CVE-2022-20385
CVE-2022-20386 Summary: Product: Android. Versions: Android SoC. Android ID: A-238227328 https://nvd.nist.gov/vuln/detail/CVE-2022-20386
CVE-2022-20387 Summary: Product: Android. Versions: Android SoC. Android ID: A-238227324 https://nvd.nist.gov/vuln/detail/CVE-2022-20387
CVE-2022-20388 Summary: Product: Android. Versions: Android SoC. Android ID: A-238227323 https://nvd.nist.gov/vuln/detail/CVE-2022-20388
CVE-2022-20389 Summary: Product: Android. Versions: Android SoC. Android ID: A-238257004 https://nvd.nist.gov/vuln/detail/CVE-2022-20389
CVE-2022-20390 Summary: Product: Android. Versions: Android SoC. Android ID: A-238257002 https://nvd.nist.gov/vuln/detail/CVE-2022-20390
CVE-2022-20391 Summary: Product: Android. Versions: Android SoC. Android ID: A-238257000 https://nvd.nist.gov/vuln/detail/CVE-2022-20391
CVE-2022-20392 In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-213323615 https://nvd.nist.gov/vuln/detail/CVE-2022-20392
CVE-2022-20393 In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-233735886 https://nvd.nist.gov/vuln/detail/CVE-2022-20393
CVE-2022-20395 In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-221855295 https://nvd.nist.gov/vuln/detail/CVE-2022-20395
CVE-2022-20396 In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L Android-13. Android ID: A-234440688 https://nvd.nist.gov/vuln/detail/CVE-2022-20396
CVE-2022-20398 In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-221859734 https://nvd.nist.gov/vuln/detail/CVE-2022-20398
CVE-2022-20399 In the SEPolicy configuration of system apps, there is a possible access to the ip utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-219808546. References: Upstream kernel https://nvd.nist.gov/vuln/detail/CVE-2022-20399
CVE-2022-2962 A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rxtx descriptor or copies the rxtx frame, it doesnt check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. https://nvd.nist.gov/vuln/detail/CVE-2022-2962
CVE-2022-32244 Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve non-personal system data, modify system data but cant make the system unavailable. This needs the attacker to have high privilege access to the same physicallogical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application. https://nvd.nist.gov/vuln/detail/CVE-2022-32244
CVE-2022-32555 Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur. https://nvd.nist.gov/vuln/detail/CVE-2022-32555
CVE-2022-37703 In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir` as root directly without checking the path, letting the attacker provide an arbitrary path. https://nvd.nist.gov/vuln/detail/CVE-2022-37703
CVE-2022-38342 Safe Software FME Server v2022.0.1.1 and below was discovered to contain an XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks. https://nvd.nist.gov/vuln/detail/CVE-2022-38342
CVE-2022-3182 Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions. https://nvd.nist.gov/vuln/detail/CVE-2022-3182
CVE-2022-3205 An XSS exists in the automation controller UI, where the project name is susceptible to XSS injection. https://nvd.nist.gov/vuln/detail/CVE-2022-3205
CVE-2022-22329 IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http: link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124. https://nvd.nist.gov/vuln/detail/CVE-2022-22329
CVE-2022-22330 IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126. https://nvd.nist.gov/vuln/detail/CVE-2022-22330
CVE-2022-22483 IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979. https://nvd.nist.gov/vuln/detail/CVE-2022-22483
CVE-2022-34336 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. https://nvd.nist.gov/vuln/detail/CVE-2022-34336
CVE-2022-34356 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502. https://nvd.nist.gov/vuln/detail/CVE-2022-34356
CVE-2022-35637 IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823. https://nvd.nist.gov/vuln/detail/CVE-2022-35637
CVE-2022-36768 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014. https://nvd.nist.gov/vuln/detail/CVE-2022-36768
CVE-2022-38306 LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component coreCorePrPsInfo.tcc. https://nvd.nist.gov/vuln/detail/CVE-2022-38306
CVE-2022-38307 LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset at MachOSegmentCommand.cpp. https://nvd.nist.gov/vuln/detail/CVE-2022-38307
CVE-2022-38329 An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnerability that can delete the specified column via index.phpcontents-admin_cat-finderdel-model-ContentsCat.html?id=17. https://nvd.nist.gov/vuln/detail/CVE-2022-38329
CVE-2022-38495 LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at cmacho_reader.c. https://nvd.nist.gov/vuln/detail/CVE-2022-38495
CVE-2022-38496 LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp. https://nvd.nist.gov/vuln/detail/CVE-2022-38496
CVE-2022-38497 LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. https://nvd.nist.gov/vuln/detail/CVE-2022-38497
CVE-2022-38637 Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. https://nvd.nist.gov/vuln/detail/CVE-2022-38637
CVE-2022-39814 In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the next HTTP GET parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-39814
CVE-2022-39815 In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur in CGI-BINOTNE_1-14runBatch.cgi via the file HTTP POST parameter, CGI-BINOTNE_1-14getRadioTLs.cgi via the context HTTP POST parameter, CGI-BINOTNE_1-14runRouteReport.cgi via the file HTTP POST parameter or CGI-BINRemoteCommandManager.cgi via the command HTTP POST parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-39815
CVE-2022-39816 In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext password) occur in cgi-binR14.2cgi-binR14.2host.pl on the edit configuration page. Exploitation requires an authenticated attacker. https://nvd.nist.gov/vuln/detail/CVE-2022-39816
CVE-2022-39817 In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur in cgi-binR14.2easy1350.pl via the id or host HTTP GET parameter, or cgi-binR14.2cgi-binR14.2host.pl via the host HTTP GET parameter. Exploitation requires an authenticated attacker. https://nvd.nist.gov/vuln/detail/CVE-2022-39817
CVE-2022-39819 In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur in cgi-binR14.2log.pl via the cmd HTTP GET parameter and cgi-binR14.2checkping.pl via the addr HTTP GET parameter. This allows authenticated users to execute commands on the operating system. https://nvd.nist.gov/vuln/detail/CVE-2022-39819
CVE-2022-39821 In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs under usrSystemsOTNE_1_14_Mastermaintenancetraceweb.otn.default.log. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. https://nvd.nist.gov/vuln/detail/CVE-2022-39821
CVE-2022-40621 Because the WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack. https://nvd.nist.gov/vuln/detail/CVE-2022-40621
CVE-2022-40622 The WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged-in administrator, session takeover is possible. https://nvd.nist.gov/vuln/detail/CVE-2022-40622
CVE-2022-40623 The WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues such as CVE-2022-35518, can lead to remote, unauthenticated command execution. https://nvd.nist.gov/vuln/detail/CVE-2022-40623
CVE-2021-36568 In certain Moodle products after creating a course, it is possible to add a resource to an arbitrary Topic, in this case a Database with the type Text, where its values Field name and Field description are vulnerable to stored Cross Site Scripting (XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. https://nvd.nist.gov/vuln/detail/CVE-2021-36568
CVE-2022-31322 Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables. https://nvd.nist.gov/vuln/detail/CVE-2022-31322
CVE-2022-31324 An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request. https://nvd.nist.gov/vuln/detail/CVE-2022-31324
CVE-2022-31861 Cross-site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs. https://nvd.nist.gov/vuln/detail/CVE-2022-31861
CVE-2022-34101 A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and perform a privilege escalation attack. https://nvd.nist.gov/vuln/detail/CVE-2022-34101
CVE-2022-34102 An insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt. https://nvd.nist.gov/vuln/detail/CVE-2022-34102
CVE-2022-35413 WAPPLES through 6.0 has a hardcoded systemi account accessible via dbwp.no1 as configured in the optpentawapplesscriptwcc_auto_scaling.py file. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the webapi URI on port 443 or 5001. https://nvd.nist.gov/vuln/detail/CVE-2022-35413
CVE-2022-35582 Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control. https://nvd.nist.gov/vuln/detail/CVE-2022-35582
CVE-2022-38633 Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary. https://nvd.nist.gov/vuln/detail/CVE-2022-38633
CVE-2022-37190 CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters action and function from apiindex.php. https://nvd.nist.gov/vuln/detail/CVE-2022-37190
CVE-2022-37191 The component cuppaapiindex.php of CuppaCMS v1.0 is vulnerable to LFI. An authenticated user can read system files via a crafted POST request using the [function] parameter value as the LFI payload. https://nvd.nist.gov/vuln/detail/CVE-2022-37191
CVE-2022-38305 AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component adminprofile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. https://nvd.nist.gov/vuln/detail/CVE-2022-38305
CVE-2022-38768 The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to bypass authorization. https://nvd.nist.gov/vuln/detail/CVE-2022-38768
CVE-2022-38769 The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request. https://nvd.nist.gov/vuln/detail/CVE-2022-38769
CVE-2022-38770 The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to fetch other users' data upon a successful login request. https://nvd.nist.gov/vuln/detail/CVE-2022-38770
CVE-2022-38771 The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request. https://nvd.nist.gov/vuln/detail/CVE-2022-38771