Security Bulletin 21 Sep 2022

Published on 21 Sep 2022

Updated on 21 Sep 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance with their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number | Description | Base Score | Reference
CVE-2022-39206 | Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system. This issue allows regular (non-admin) users to potentially take over the build infrastructure of a OneDev instance. Attackers need to have an account (or be able to register one) and need permission to create a project. Since code.onedev.io has the right preconditions for this to be exploited by remote attackers, it could have been used to hijack builds of OneDev itself, e.g. by injecting malware into the docker images that are built and pushed to Docker Hub. The impact is increased by this as described before. Users are advised to upgrade to 7.3.0 or higher. There are no known workarounds for this issue. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-39206
CVE-2021-1138 | Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1138
CVE-2021-1140 | Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1140
CVE-2021-0266 | The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0266
CVE-2020-19001 | Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-19001
CVE-2020-18048 | An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-18048
CVE-2020-21651 | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-21651
CVE-2020-21652 | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-21652
CVE-2022-27668 | Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27668
CVE-2022-32207 | When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32207
CVE-2022-32456 | Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32456
CVE-2022-2564 | Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2564
CVE-2022-32292 | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32292
CVE-2022-2651 | Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2651
CVE-2022-25168 | Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25168
CVE-2022-37434 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37434
CVE-2022-36201 | Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36201
CVE-2022-36089 | KubeVela is an application delivery platform. Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11 and 1.5.4, VelaUX APIServer uses the `PlatformID` as the signed key to generate the JWT tokens for users. Another API called `getSystemInfo` exposes the platformID. This vulnerability allows users to use the platformID to re-generate the JWT tokens to bypass the authentication. Versions 1.4.11 and 1.5.4 contain a patch for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36089
CVE-2022-33941 | PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as follows: PowerCMS 6.021 and earlier (PowerCMS 6 Series), PowerCMS 5.21 and earlier (PowerCMS 5 Series), and PowerCMS 4.51 and earlier (PowerCMS 4 Series). Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33941
CVE-2022-37164 | Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37164
CVE-2022-2526 | A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2526
CVE-2022-36376 | Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36376
CVE-2021-44835 | An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44835
CVE-2022-39135 | In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39135
CVE-2022-37794 | In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37794
CVE-2022-37767 | Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37767
CVE-2022-37300 | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37300
CVE-2022-37860 | The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37860
CVE-2022-1700 | Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1700
CVE-2022-38292 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38292
CVE-2022-38296 | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38296
CVE-2022-38297 | UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38297
CVE-2022-37011 | A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.3.1). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37011
CVE-2022-36779 | PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36779
CVE-2022-38537 | Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38537
CVE-2022-38538 | Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38538
CVE-2022-38539 | Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38539
CVE-2022-38540 | Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38540
CVE-2022-38541 | Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38541
CVE-2022-38542 | Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38542
CVE-2022-32190 | JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32190
CVE-2022-34718 | Windows TCP/IP Remote Code Execution Vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34718
CVE-2022-34721 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34722. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34721
CVE-2022-34722 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34721. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34722
CVE-2022-39205 | Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the server to check for branch protections during a push event. It is only intended to be accessed from localhost, but the check relies on the X-Forwarded-For header. Invoking this endpoint leads to the execution of one of various git commands. The environment variables of this command execution can be controlled via query parameters. This allows attackers to write to arbitrary files, which can in turn lead to the execution of arbitrary code. Such an attack would be very hard to detect, which increases the potential impact even more. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39205
CVE-2021-0942 | The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression: sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]); With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct I think it seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel. Product: Android; Versions: Android SoC; Android ID: A-238904312 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0942
CVE-2022-20385 | A function called 'nla_parse' does not check the len of para; it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it accesses policy array 'policy[type]', where OOB access happens. Product: Android; Versions: Android SoC; Android ID: A-238379819 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20385
CVE-2022-20386 | Summary: Product: Android; Versions: Android SoC; Android ID: A-238227328 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20386
CVE-2022-20387 | Summary: Product: Android; Versions: Android SoC; Android ID: A-238227324 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20387
CVE-2022-20388 | Summary: Product: Android; Versions: Android SoC; Android ID: A-238227323 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20388
CVE-2022-20389 | Summary: Product: Android; Versions: Android SoC; Android ID: A-238257004 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20389
CVE-2022-20390 | Summary: Product: Android; Versions: Android SoC; Android ID: A-238257002 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20390
CVE-2022-20391 | Summary: Product: Android; Versions: Android SoC; Android ID: A-238257000 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20391
CVE-2022-38637 | Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38637
CVE-2022-39815 | In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur in /CGI-BIN/OTNE_1-14/runBatch.cgi via the file HTTP POST parameter, /CGI-BIN/OTNE_1-14/getRadioTLs.cgi via the context HTTP POST parameter, /CGI-BIN/OTNE_1-14/runRouteReport.cgi via the file HTTP POST parameter or /CGI-BIN/RemoteCommandManager.cgi via the command HTTP POST parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39815
CVE-2022-35413 | WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35413
CVE-2022-38768 | The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38768
CVE-2022-38771 | The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38771
CVE-2022-34831 | An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one or multiple dnsNames. These are validated properly in the ACME challenge. However, if the validation passes, a non-compliant client can include additional dnsNames in the CSR sent to the finalize endpoint, resulting in EJBCA issuing a certificate including the identifiers that were not validated. This occurs even if the certificate profile is configured to not allow a DN override by the CSR. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34831
CVE-2022-36436 | OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by a vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36436
CVE-2022-36669 | Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36669
CVE-2022-37138 | Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37138
CVE-2022-40674 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40674
CVE-2022-37661 | SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37661
CVE-2022-35947 | GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35947
CVE-2022-38308 | TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38308
CVE-2022-38352 | ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38352
CVE-2022-37257 | Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37257
CVE-2022-37266 | Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37266
CVE-2022-2471 | Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2471
CVE-2022-37264 | Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37264
CVE-2022-37861 | There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37861
CVE-2022-38325 | Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38325
CVE-2022-38326 | Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38326
CVE-2022-26959 | There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database which contains critical data for organizations that make full use of the software suite. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26959
CVE-2022-36536 | An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36536
CVE-2022-22105 | Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22105
CVE-2022-25686 | Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25686
CVE-2022-25688 | Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25688
CVE-2022-25708 | Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25708
CVE-2021-42949 | The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42949
CVE-2022-38823 | In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38823
CVE-2022-38826 | In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38826
CVE-2022-38827 | TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38827
CVE-2022-38828 | TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38828
CVE-2022-38829 | Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38829
CVE-2022-38830 | Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38830
CVE-2022-38831 | Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38831
CVE-2021-40017 | The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40017
CVE-2022-38999 | The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38999
CVE-2022-39000 | The iAware module has a vulnerability in managing malicious apps. Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39000
CVE-2022-35939 | TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35939
CVE-2020-19751An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.9.1https://nvd.nist.gov/vuln/detail/CVE-2020-19751
CVE-2022-23096An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-23096
CVE-2022-23097An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-23097
CVE-2021-40053There is a permission control vulnerability in the Nearby module.Successful exploitation of this vulnerability will affect availability and integrity.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-40053
CVE-2022-32213The llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).9.1https://nvd.nist.gov/vuln/detail/CVE-2022-32213
CVE-2022-32214The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).9.1https://nvd.nist.gov/vuln/detail/CVE-2022-32214
CVE-2022-32215The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).9.1https://nvd.nist.gov/vuln/detail/CVE-2022-32215
CVE-2021-33643An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-33643
CVE-2022-38638Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-38638
CVE-2022-2900Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-2900
CVE-2022-38789An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-38789
CVE-2021-40019Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds access.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-40019
CVE-2022-35937TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-35937
CVE-2022-35938TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been patched in GitHub commit 4142e47e9e31db481781b955ed3ff807a781b494. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-35938
CVE-2020-4062In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term "isolated" refers to: - No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace. - Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC).9https://nvd.nist.gov/vuln/detail/CVE-2020-4062
CVE-2022-36094XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it's possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascript in its name. This issue has been patched in XWiki 13.10.6 and 14.3RC1. As a workaround, it is possible to replace `viewattachrev.vm`, the entry point for this attack, by a patched version from the patch without updating XWiki.9https://nvd.nist.gov/vuln/detail/CVE-2022-36094
CVE-2020-19586Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.9https://nvd.nist.gov/vuln/detail/CVE-2020-19586

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2010-1280Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.8.8https://nvd.nist.gov/vuln/detail/CVE-2010-1280
CVE-2019-0257Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-0257
CVE-2020-3118A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).8.8https://nvd.nist.gov/vuln/detail/CVE-2020-3118
CVE-2020-8558The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-8558
CVE-2021-1139Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1139
CVE-2021-1141Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1141
CVE-2020-7862A vulnerability in agent program of HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands. This vulnerability is due to insufficient input sanitization when communicating customer process.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-7862
CVE-2020-20124Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-20124
CVE-2020-21650Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-21650
CVE-2022-0507Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0507
CVE-2022-1049A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1049
CVE-2022-36359An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36359
CVE-2022-1043A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1043
CVE-2022-38118OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38118
CVE-2022-39170libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-39170
CVE-2022-31247An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-31247
CVE-2022-3167Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3167
CVE-2022-36099XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request (URL parameter) using the `XWikiServerClassSheet` if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a public read-only XWiki installation or a private XWiki installation where the user has an account. This allows arbitrary Groovy/Python/Velocity code execution which allows bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. Also, this could be used to impact the availability of the wiki. This has been patched in versions 13.10.6 and 14.4. As a workaround, edit the affected document `XWiki.XWikiServerClassSheet` or `WikiManager.XWikiServerClassSheet` and manually perform the changes from the patch fixing the issue. On XWiki versions 12.0 and later, it is also possible to import the document `XWiki.XWikiServerClassSheet` from the xwiki-platform-wiki-ui-mainwiki package version 14.4 using the import feature of the administration application as there have been no other changes to this document since XWiki 12.0.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36099
CVE-2022-36100XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document `Main.Tags` in XWiki didn't sanitize user inputs properly. This allowed users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. This also allowed bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. The vulnerability could be used to impact the availability of the wiki. On XWiki versions before 13.10.4 and 14.2, this can be combined with CVE-2022-36092, meaning that no rights are required to perform the attack. The vulnerability has been patched in versions 13.10.6 and 14.4. As a workaround, the patch that fixes the issue can be manually applied to the document `Main.Tags` or the updated version of that document can be imported from version 14.4 of xwiki-platform-tag-ui using the import feature in the administration UI on XWiki 10.9 and later.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36100
CVE-2022-37411Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-37411
CVE-2022-38700OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38700
CVE-2022-38615SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38615
CVE-2022-36110Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36110
CVE-2022-40320cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-40320
CVE-2021-44426An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-44426
CVE-2022-29490Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*8.8https://nvd.nist.gov/vuln/detail/CVE-2022-29490
CVE-2022-38298Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38298
CVE-2022-38616SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38616
CVE-2022-38139Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.1.3 at WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38139
CVE-2022-36103Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR (certificate signing request) Talos control plane node might issue Talos API certificate which allows full access to Talos API on a control plane node. Accessing Talos API with full level access on a control plane node might reveal sensitive information which allows full level access to the cluster (Kubernetes and Talos PKI, etc.). Talos API join token is stored in the machine configuration on the worker node. When configured correctly, Kubernetes workloads don't have access to the machine configuration, but due to a misconfiguration workload might access the machine configuration and reveal the join token. This problem has been fixed in Talos 1.2.2. Enabling the Pod Security Standards mitigates the vulnerability by denying hostPath mounts and host networking by default in the baseline policy. Clusters that don't run untrusted workloads are not affected. Clusters with correct Pod Security configurations which don't allow hostPath mounts, and secure access to cloud metadata server (or machine configuration is not supplied via cloud metadata server) are not affected.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36103
CVE-2022-3179Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3179
CVE-2022-34100A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34100
CVE-2022-34700Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35805.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34700
CVE-2022-34726Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34727, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34726
CVE-2022-34727Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34727
CVE-2022-34731Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34731
CVE-2022-34733Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34733
CVE-2022-35805Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34700.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35805
CVE-2022-35823Microsoft SharePoint Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35823
CVE-2022-35834Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35834
CVE-2022-35835Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35836, CVE-2022-35840.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35835
CVE-2022-35836Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35840.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35836
CVE-2022-35840Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35840
CVE-2022-35841Windows Enterprise App Management Service Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35841
CVE-2022-37961Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38008, CVE-2022-38009.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-37961
CVE-2022-38008Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37961, CVE-2022-38009.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38008
CVE-2022-38009Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37961, CVE-2022-38008.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38009
CVE-2022-39203matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The vulnerability has been patched in matrix-appservice-irc 0.35.0. As a workaround operators may disable dynamic channel joining via `dynamicChannels.enabled` to prevent users from joining new channels, which prevents any new channels being bridged outside of what is already bridged, and what is specified in the config.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-39203
CVE-2022-32555Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-32555
CVE-2022-39817In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur in /cgi-bin/R14.2/easy1350.pl via the id or host HTTP GET parameter, or /cgi-bin/R14.2/cgi-bin/R14.2/host.pl via the host HTTP GET parameter. Exploitation requires an authenticated attacker.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-39817
CVE-2022-39819In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur in /cgi-bin/R14.2/log.pl via the cmd HTTP GET parameter and /cgi-bin/R14.2/checkping.pl via the addr HTTP GET parameter. This allows authenticated users to execute commands on the operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-39819
CVE-2022-40622The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged-in administrator, session takeover is possible.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-40622
CVE-2022-40623The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-40623
CVE-2022-34102Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34102
CVE-2022-35582Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35582
CVE-2022-37190CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php".8.8https://nvd.nist.gov/vuln/detail/CVE-2022-37190
CVE-2022-38305AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38305
CVE-2022-36667Garage Management System 1.0 is vulnerable to Remote Code Execution (RCE) due to the lack of filtering in the file upload function. The vulnerability exists when adding parts; through the upload function, the attacker can upload a PHP reverse shell straight away to gain RCE.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36667
CVE-2022-3216A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. This vulnerability affects unknown code of the component Mobile Adapter GB. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-208606 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3216
CVE-2022-38301Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38301
CVE-2022-3221Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-3221
CVE-2022-37207JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-37207
CVE-2022-37201JFinal CMS 5.1.0 is vulnerable to SQL Injection.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-37201
CVE-2022-36532Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36532
CVE-2022-36534Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the Job_ExecuteBefore and Job_ExecuteAfter parameters at post_profilesettings.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36534
CVE-2022-1194The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1194
CVE-2022-38808ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38808
CVE-2022-38843EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload malicious files with any extension to the server. An attacker may execute these malicious files to run unintended code on the server and compromise it.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38843
CVE-2022-40337OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-40337
CVE-2020-5232A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.8.7https://nvd.nist.gov/vuln/detail/CVE-2020-5232
CVE-2022-36782Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in the PalGate device management Android client app. Gates of buildings and parking lots with a simple button in any smartphone. The API was found after decompiling and static research using Jadx, and dynamic analysis using Frida. The attacker can iterate over all the IoT devices to see every entry and exit, on every gate and device all over the world; he can also scrape the server and create a user's DB with full names and phone numbers of over 2.8 million users, and see all of the users' movement in and out of gates, even in real time.8.6https://nvd.nist.gov/vuln/detail/CVE-2022-36782
CVE-2021-3929A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.8.2https://nvd.nist.gov/vuln/detail/CVE-2021-3929
CVE-2022-30196Windows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-35833.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-30196
CVE-2020-18771Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-18771
CVE-2022-32212An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.16.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-32212
CVE-2022-32293In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-32293
CVE-2021-33644An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-33644
CVE-2022-29850Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-29850
CVE-2022-38258A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-38258
CVE-2022-26393The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-26393
CVE-2022-28741aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x8.1https://nvd.nist.gov/vuln/detail/CVE-2022-28741
CVE-2022-36173FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-36173
CVE-2022-36174FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-36174
| CVE-2022-33647 | Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33679. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-33647 |
| CVE-2022-33679 | Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33647. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-33679 |
| CVE-2022-35830 | Remote Procedure Call Runtime Remote Code Execution Vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-35830 |
| CVE-2022-37140 | PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, through upload of a malicious file. A calculator will open when a victim who downloads the file opens the RTF file. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37140 |
| CVE-2022-2798 | The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2798 |
| CVE-2022-38844 | CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38844 |
| CVE-2020-3427 | The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this can only be exploited during new installations while the installer is running and is not exploitable once installation is finished. Version 4.1.2 of Windows Logon addresses this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3427 |
| CVE-2021-0204 | A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run dexp with root privileges and access sensitive information in the dexp database. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D34; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0204 |
| CVE-2021-0223 | A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0223 |
| CVE-2020-7346 | Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low-privileged attacker, through the use of junctions, to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOCTL command at the correct time. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-7346 |
| CVE-2021-1118 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1118 |
| CVE-2021-45844 | Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45844 |
| CVE-2021-45845 | The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45845 |
| CVE-2022-27940 | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27940 |
| CVE-2022-27941 | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27941 |
| CVE-2022-27942 | tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27942 |
| CVE-2020-6099 | An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6099 |
| CVE-2021-46790 | ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46790 |
| CVE-2020-4107 | HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-4107 |
| CVE-2022-31214 | A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31214 |
| CVE-2022-36833 | Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36833 |
| CVE-2022-34705 | Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35771. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34705 |
| CVE-2022-34707 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35761, CVE-2022-35768. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34707 |
| CVE-2022-35768 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34707, CVE-2022-35761. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35768 |
| CVE-2022-35771 | Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34705. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35771 |
| CVE-2022-2845 | Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2845 |
| CVE-2022-2849 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2849 |
| CVE-2022-2862 | Use After Free in GitHub repository vim/vim prior to 9.0.0221. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2862 |
| CVE-2022-37047 | The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37047 |
| CVE-2022-37048 | The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37048 |
| CVE-2022-37049 | The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37049 |
| CVE-2022-31676 | VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31676 |
| CVE-2022-32837 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32837 |
| CVE-2022-2982 | Use After Free in GitHub repository vim/vim prior to 9.0.0260. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2982 |
| CVE-2022-3016 | Use After Free in GitHub repository vim/vim prior to 9.0.0286. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3016 |
| CVE-2022-3037 | Use After Free in GitHub repository vim/vim prior to 9.0.0322. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3037 |
| CVE-2022-3099 | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3099 |
| CVE-2022-39831 | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39831 |
| CVE-2022-39832 | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39832 |
| CVE-2022-26861 | Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26861 |
| CVE-2022-36403 | Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36403 |
| CVE-2022-40297 | UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40297 |
| CVE-2022-2964 | A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2964 |
| CVE-2022-36864 | Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36864 |
| CVE-2022-39119 | In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39119 |
| CVE-2022-39846 | DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39846 |
| CVE-2022-3133 | OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3133 |
| CVE-2022-3178 | Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3178 |
| CVE-2022-31226 | Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31226 |
| CVE-2022-2979 | Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2979 |
| CVE-2022-38466 | A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38466 |
| CVE-2022-35292 | In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35292 |
| CVE-2022-3170 | An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through the ioctl() interface and crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3170 |
| CVE-2022-26929 | .NET Framework Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26929 |
| CVE-2022-30200 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30200 |
| CVE-2022-34719 | Windows Distributed File System (DFS) Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34719 |
| CVE-2022-34729 | Windows GDI Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34729 |
| CVE-2022-34730 | Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34732, CVE-2022-34734. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34730 |
| CVE-2022-34732 | Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34734. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34732 |
| CVE-2022-34734 | Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34732. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34734 |
| CVE-2022-35803 | Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37969. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35803 |
| CVE-2022-35828 | Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35828 |
| CVE-2022-37954 | DirectX Graphics Kernel Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37954 |
| CVE-2022-37955 | Windows Group Policy Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37955 |
| CVE-2022-37956 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37957, CVE-2022-37964. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37956 |
| CVE-2022-37957 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37964. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37957 |
| CVE-2022-37962 | Microsoft PowerPoint Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37962 |
| CVE-2022-37963 | Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38010. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37963 |
| CVE-2022-37964 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37957. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37964 |
| CVE-2022-37969 | Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37969 |
| CVE-2022-38004 | Windows Fax Service Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38004 |
| CVE-2022-38005 | Windows Print Spooler Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38005 |
| CVE-2022-38007 | Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38007 |
| CVE-2022-38010 | Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37963. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38010 |
| CVE-2022-38019 | AV1 Video Extension Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38019 |
| CVE-2021-0871 | In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-238921253 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0871 |
| CVE-2021-0943 | In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-238916921 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-0943 |
| CVE-2022-20392 | In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12 Android-12L; Android ID: A-213323615 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20392 |
| CVE-2022-20395 | In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-221855295 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20395 |
| CVE-2022-20398 | In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-221859734 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20398 |
| CVE-2022-2962 | A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2962 |
| CVE-2022-34356 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34356 |
| CVE-2022-36768 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36768 |
| CVE-2022-38495 | LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38495 |
| CVE-2022-31322 | Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31322 |
| CVE-2022-34101 | A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and perform a privilege escalation attack. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34101 |
| CVE-2022-38633 | Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38633 |
| CVE-2022-40673 | KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40673 |
| CVE-2022-20364 | In sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-233606615; References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20364 |
| CVE-2022-2977 | A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2977 |
| CVE-2022-38862 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38862 |
| CVE-2022-40636 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17044. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40636 |
| CVE-2022-40637 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17045. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40637 |
| CVE-2022-40638 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17102. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40638 |
| CVE-2022-40639 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17207. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40639 |
| CVE-2022-40640 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17308. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40640 |
| CVE-2022-40641 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17317. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40641 |
| CVE-2022-40642 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17318. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40642 |
| CVE-2022-40643 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17407. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40643 |
| CVE-2022-40644 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17408. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40644 |
| CVE-2022-40645 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17540. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40645 |
| CVE-2022-40646 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17541. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40646 |
| CVE-2022-40647 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17558. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40647 |
| CVE-2022-40648 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40648 |
| CVE-2022-40649 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17565. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40649 |
| CVE-2022-40650 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17838. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40650 |
| CVE-2022-40651 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17844. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40651 |
| CVE-2022-40652 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17846. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40652 |
CVE-2022-40653This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18349.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40653
CVE-2022-40654This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18351.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40654
CVE-2022-40655This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15071.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40655
CVE-2022-40656This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. Crafted data in a ND2 file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15072.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40656
CVE-2022-40657This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. Crafted data in a PSD file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15073.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40657
CVE-2022-40658This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15166.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40658
CVE-2022-40659This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15214.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40659
CVE-2022-40660This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15135.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40660
CVE-2022-40661This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15134.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40661
CVE-2022-40662This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15351.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40662
CVE-2022-40663This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15697.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-40663
CVE-2020-23550IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-23550
CVE-2020-23551IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-23551
CVE-2020-23552IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-23552
CVE-2020-23553IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-23553
CVE-2020-23554IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-23554
CVE-2020-23555IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-23555
CVE-2020-23556IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-23556
CVE-2020-23557IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-23557
CVE-2020-23558IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-23558
CVE-2020-23559IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-23559
CVE-2020-23560IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-23560
CVE-2022-35415An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-35415
CVE-2022-22066Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22066
CVE-2022-22074Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22074
CVE-2022-22081Memory corruption in audio module due to integer overflow in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22081
CVE-2022-22089Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22089
CVE-2022-22092Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22092
CVE-2022-22095Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22095
CVE-2022-25652Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25652
CVE-2022-25656Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25656
CVE-2022-25693Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25693
CVE-2022-3176There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa636597.8https://nvd.nist.gov/vuln/detail/CVE-2022-3176
CVE-2022-38408 | Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38408
CVE-2022-38411 | Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38411
CVE-2022-38412 | Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38412
CVE-2022-28852 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28852
CVE-2022-28853 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28853
CVE-2022-35713 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35713
CVE-2022-38401 | Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38401
CVE-2022-38402 | Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38402
CVE-2022-38403 | Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38403
CVE-2022-38404 | Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38404
CVE-2022-38405 | Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38405
CVE-2022-38413 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38413
CVE-2022-38414 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38414
CVE-2022-38415 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38415
CVE-2022-38416 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38416
CVE-2022-38417 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38417
CVE-2022-38426 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38426
CVE-2022-38427 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38427
CVE-2022-38429 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38429
CVE-2022-38430 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38430
CVE-2022-38431 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38431
CVE-2022-38432 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38432
CVE-2022-38433 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38433
CVE-2022-38434 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38434
CVE-2022-38611 | Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38611
CVE-2022-35699 | Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35699
CVE-2022-35700 | Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35700
CVE-2022-35701 | Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35701
CVE-2022-35703 | Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35703
CVE-2022-35704 | Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35704
CVE-2022-35705 | Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35705
CVE-2022-35706 | Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35706
CVE-2022-35707 | Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35707
CVE-2022-35708 | Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35708
CVE-2021-23017 | A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-23017
CVE-2022-38012 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-38012
CVE-2015-8393 | pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2015-8393
CVE-2020-5403 | Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-5403
CVE-2020-5410 | Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-5410
CVE-2020-3452 | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3452
CVE-2020-3569 | Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3569
CVE-2021-3115 | Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3115
CVE-2021-1243 | A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1243
CVE-2020-35558An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-35558
CVE-2021-0233A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. Continued receipt of these packets will sustain the Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX500 Series, ACX4000 Series: 17.4 versions prior to 17.4R3-S2.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-0233
CVE-2021-23382The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23382
CVE-2020-36332A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36332
CVE-2020-36382OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36382
CVE-2021-36213HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-36213
CVE-2020-5351Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privileges.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-5351
CVE-2021-33198In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33198
CVE-2021-29923Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29923
CVE-2020-19750An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-19750
CVE-2020-20665rudp v0.6 was discovered to contain a memory leak in the component main.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-20665
CVE-2022-23098An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23098
CVE-2021-46669MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46669
CVE-2018-25032zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-25032
CVE-2022-27376MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27376
CVE-2022-27377MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27377
CVE-2022-27378An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27378
CVE-2022-27379An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27379
CVE-2022-27380An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27380
CVE-2022-27381An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27381
CVE-2022-27383MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27383
CVE-2022-27384An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27384
CVE-2022-27386MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27386
CVE-2022-27387MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27387
CVE-2022-27445MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27445
CVE-2022-27447MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27447
CVE-2022-27448There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27448
CVE-2022-27449MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27449
CVE-2022-27452MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27452
CVE-2022-27456MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27456
CVE-2022-27458MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27458
CVE-2022-24675encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24675
CVE-2022-28327The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28327
CVE-2021-36778An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-36778
CVE-2021-25002The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client's full address, name and phone via the tracking URL.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-25002
CVE-2022-28487Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28487
CVE-2022-30781Gitea before 1.16.7 does not escape git fetch remote.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30781
CVE-2022-29021A buffer overflow vulnerability in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29021
CVE-2022-29022A buffer overflow vulnerability in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29022
CVE-2022-29023A buffer overflow vulnerability in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29023
CVE-2022-31805In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31805
CVE-2022-32083MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32083
CVE-2022-32084MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32084
CVE-2022-32085MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32085
CVE-2022-32087MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32087
CVE-2022-32088MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32088
CVE-2022-32091MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32091
CVE-2022-2309NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2309
CVE-2022-30791In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30791
CVE-2022-30792In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled resource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30792
CVE-2022-30634Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30634
CVE-2022-32458Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32458
CVE-2021-46828In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46828
CVE-2022-35737SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35737
CVE-2021-33645The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33645
CVE-2021-33646The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33646
CVE-2021-40040Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40040
CVE-2022-37006Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37006
CVE-2022-38161The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38161
CVE-2021-3800A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3800
CVE-2022-32793Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32793
CVE-2022-22728A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22728
CVE-2022-2255A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2255
CVE-2022-32743Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32743
CVE-2022-2083The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2083
CVE-2022-27664In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27664
CVE-2022-35513The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35513
CVE-2022-28220Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. The fix for CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28220
CVE-2022-37857bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the Android client device by default.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37857
CVE-2022-36092XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes title, content and comments of any document and properties of objects, though class and property name must be known. This is also exploitable on private wikis. This has been patched in versions 14.2 and 13.10.4 by properly checking view rights before loading documents and disallowing non-default templates in the login, registration and skin action. As a workaround, it would be possible to protect all templates individually by adding code to check access rights first.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36092
CVE-2020-10735A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-10735
CVE-2022-28740aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28740
CVE-2022-28742aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate the user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28742
CVE-2022-38614An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38614
CVE-2022-31006indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose. However, the ledger content will not be impacted and the ledger will resume functioning after the attack. This attack exploits the trade-off between resilience and availability. Any protection against abusive client connections will also prevent the network being accessed by certain legitimate users. As a result, validator nodes must tune their firewall rules to ensure the right trade-off for their network's expected users. The guidance to network operators for the use of firewall rules in the deployment of Indy networks has been modified to better protect against denial of service attacks by increasing the cost and complexity in mounting such attacks. The mitigation for this vulnerability is not in the Hyperledger Indy code per se, but rather in the individual deployments of Indy. The mitigations should be applied to all deployments of Indy, and are not related to a particular release.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-31006
CVE-2021-37819PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-37819
CVE-2022-36255A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36255
CVE-2022-36256A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36256
CVE-2022-36257A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36257
CVE-2022-36258A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36258
CVE-2022-36259A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36259
CVE-2022-37835Torguard VPN 4.8 has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37835
CVE-2022-37734graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37734
CVE-2022-37797In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to a null pointer dereference which crashes the server. It could be used by an external attacker to cause a denial of service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37797
CVE-2022-35572On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35572
CVE-2022-39158A vulnerability has been identified in RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RS416Pv2 (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < v5.6.0), RUGGEDCOM ROS RST2228 (All versions < v5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < v5.6.0), RUGGEDCOM ROS RST916P (All versions < v5.6.0). Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. This could allow a remote attacker to create a denial of service condition that persists until the attack ends.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39158
CVE-2022-3174Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3174
CVE-2022-1278A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-1278
CVE-2022-38100The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CME8000 devices connected to the same network.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38100
CVE-2022-39801SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39801
CVE-2022-3029In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the RPKI data that Routinator provides to routers. This may stop your network from validating route origins based on RPKI data. This vulnerability does not allow an attacker to manipulate RPKI data.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3029
CVE-2022-36104TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36104
CVE-2022-34720Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34720
CVE-2022-34724Windows DNS Server Denial of Service Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34724
CVE-2022-35833Windows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-30196.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35833
CVE-2022-35838HTTP V3 Denial of Service Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35838
CVE-2022-37958SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37958
CVE-2022-38013.NET Core and Visual Studio Denial of Service Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38013
CVE-2022-39208Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability can be used by unauthenticated attackers to leak all project files of any project. Since project IDs are incremental, an attacker could iterate through them and leak all project data. This issue has been resolved in version 7.3.0 and users are advised to upgrade. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39208
CVE-2022-39821In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs under /usr/Systems/OTNE_1_14_Master/maintenance/trace/web/.otn.default.log. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39821
CVE-2022-40621Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-40621
CVE-2022-38769The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38769
CVE-2022-3212<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form, axum::extract::Json, String.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3212
CVE-2021-38924IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38924
CVE-2022-29492Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29492
CVE-2022-29922Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29922
CVE-2022-2277Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2277
CVE-2022-36113 | Cargo is a package manager for the Rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. Mitigations: We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36113
CVE-2022-36114 | Cargo is a package manager for the Rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a "zip bomb"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36114
CVE-2022-3001 | This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at the camera's web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the targeted network camera. Successful exploitation of this vulnerability could allow the attacker to cause a Denial of Service condition on the targeted device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3001
CVE-2022-37262 | A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37262
CVE-2022-38890 | Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38890
CVE-2022-37260 | A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37260
CVE-2022-36074 | Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36074
CVE-2022-39213 | go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). In affected versions when a full CVSS v2.0 vector string is parsed using `ParseVector`, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag `v0.4.0`, by the commit `d9d478ff0c13b8b09ace030db9262f3c2fe031f4`. Users are advised to upgrade. Users unable to upgrade may avoid this issue by parsing only CVSS v2.0 vector strings that do not have all attributes defined (e.g. `AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M`). As stated in [SECURITY.md](https://github.com/pandatix/go-cvss/blob/master/SECURITY.md), the CPE v2.3 to refer to this Go module is `cpe:2.3:a:pandatix:go_cvss:*:*:*:*:*:*:*:*`. The entry has already been requested to the NVD CPE dictionary. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-39213
CVE-2022-22091 | Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22091
CVE-2022-25669 | Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25669
CVE-2022-25670 | Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25670
CVE-2022-25690 | Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25690
CVE-2022-25706 | Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25706
CVE-2022-40149 | Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40149
CVE-2022-40150 | Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by out of memory. This effect may support a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40150
CVE-2022-40151 | Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40151
CVE-2022-40152 | Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40152
CVE-2022-40153 | Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40153
CVE-2022-40154 | Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40154
CVE-2022-40155 | Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40155
CVE-2022-40156 | Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40156
CVE-2020-36600 | Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36600
CVE-2020-36601 | Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36601
CVE-2021-40023 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40023
CVE-2021-40024 | Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40024
CVE-2021-46836 | Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46836
CVE-2022-38978 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38978
CVE-2022-38979 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38979
CVE-2022-38987 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38987
CVE-2022-38988 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38988
CVE-2022-38989 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38989
CVE-2022-38990 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38990
CVE-2022-38991 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38991
CVE-2022-38992 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38992
CVE-2022-38993 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38993
CVE-2022-38994 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38994
CVE-2022-38995 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38995
CVE-2022-38996 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38996
CVE-2022-38997 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38997
CVE-2022-35934 | TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35934
CVE-2022-35935 | TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35935
CVE-2022-35940 | TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35940
CVE-2022-35941 | TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds to this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35941
CVE-2022-35952 | TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35952
CVE-2022-35964 | TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35964
CVE-2022-35965 | TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty `sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35965
CVE-2022-35966 | TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35966
CVE-2022-35967 | TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35967
CVE-2022-35968 | TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35968
CVE-2022-35969 | TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 50156d547b9a1da0144d7babe665cf690305b33c. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35969
CVE-2022-35970 | TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35970
CVE-2022-35971 | TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35971
CVE-2022-35972 | TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35972
CVE-2022-35973 | TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for `min_a`, `max_a`, `min_b`, or `max_b`, it gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35973
CVE-2022-35974 | TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35974
CVE-2022-35979 | TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35979
CVE-2022-35981 | TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35981
CVE-2022-35982 | TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35982
CVE-2022-35983 | TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35983
CVE-2022-35984 | TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35984
CVE-2022-35985 | TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35985
CVE-2022-35986 | TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35986
CVE-2022-35987 | TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35987
CVE-2022-35988 | TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35988
CVE-2022-35989 | TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35989
CVE-2022-35990TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35990
CVE-2022-36018TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36018
CVE-2022-36019TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36019
CVE-2022-36026TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36026
CVE-2022-35991TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35991
CVE-2022-35992TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35992
CVE-2022-35993TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35993
CVE-2022-35994TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives a scalar input `input`, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35994
CVE-2022-35995TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35995
CVE-2022-35996TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35996
CVE-2022-35997TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35997
CVE-2022-35998TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c8ba76d48567aed347508e0552a257641931024d. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35998
CVE-2022-35999TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35999
CVE-2022-36000TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36000
CVE-2022-36001TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36001
CVE-2022-36002TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36002
CVE-2022-36003TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36003
CVE-2022-36004TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36004
CVE-2022-36005TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36005
CVE-2022-36011TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36011
CVE-2022-36012TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36012
CVE-2022-36013TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36013
CVE-2022-36014TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36014
CVE-2022-36015TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36015
CVE-2022-36016TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36016
CVE-2022-36017TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36017
CVE-2022-36027TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization, the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36027
CVE-2022-3079Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3079
CVE-2022-37972Microsoft Endpoint Configuration Manager Spoofing Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37972
CVE-2021-0232An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-0232
CVE-2021-0260An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads to an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write actions to OIDs that support write operations, against the device without authentication. This issue affects: Juniper Networks Junos OS: 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S6, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1.7.3https://nvd.nist.gov/vuln/detail/CVE-2021-0260
CVE-2021-33195Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.7.3https://nvd.nist.gov/vuln/detail/CVE-2021-33195
CVE-2022-32223Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists. Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory. After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows. It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-32223
CVE-2022-36840DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-36840
CVE-2022-29549An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate programs). Also, the vendor recommendation is to install this agent software with root privileges. Thus, privilege escalation is possible on systems where any of these pathnames is controlled by a non-root user. An example is /opt/firebird/bin/isql, where the /opt/firebird directory is often owned by the firebird user.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-29549
CVE-2022-30170Windows Credential Roaming Service Elevation of Privilege Vulnerability.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-30170
CVE-2022-38011Raw Image Extension Remote Code Execution Vulnerability.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-38011
CVE-2022-38020Visual Studio Code Elevation of Privilege Vulnerability.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-38020
CVE-2020-2038An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-2038
CVE-2020-18885Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-18885
CVE-2020-20746A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-20746
CVE-2022-2447A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked and when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-2447
CVE-2022-38265Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38265
CVE-2022-38267School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38267
CVE-2022-38268School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38268
CVE-2022-38269School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit&id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38269
CVE-2022-36102Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version (5.7.15). Users can get the update via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-36102
CVE-2022-38605Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38605
CVE-2022-38606Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38606
CVE-2022-38610Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38610
CVE-2022-38302Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38302
CVE-2022-38303Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38303
CVE-2022-38304Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38304
CVE-2022-40634Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-40634
CVE-2022-40635Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-40635
CVE-2022-38323Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38323
CVE-2022-38594Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38594
CVE-2022-38595Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38595
CVE-2022-38534TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38534
CVE-2022-38535TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38535
CVE-2022-38832School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38832
CVE-2022-38833School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38833
CVE-2022-35193TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-35193
CVE-2022-35195TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-35195
CVE-2022-38877Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38877
CVE-2022-38878School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-38878
CVE-2020-8968Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-8968
CVE-2022-36093XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially giving the attacker access to the wiki. Depending on the configured default rights of users, this could also give attackers write access to an otherwise read-only public wiki. Users can also be created when an external authentication system like LDAP is configured, but authentication fails unless the authentication system supports a bypass/local accounts are enabled in addition to the external authentication system. This issue has been patched in XWiki 13.10.5 and 14.3RC1. As a workaround, one may replace `xpart.vm`, the entry point for this attack, by a patched version from the patch without updating XWiki.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-36093
CVE-2022-39844Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-39844
CVE-2022-39845Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-39845
CVE-2022-34108An issue in the Feature Navigator of Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-34108
CVE-2022-34109An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-34109
CVE-2022-2989Incorrect handling of the supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-2989
CVE-2022-2990Incorrect handling of the supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-2990
CVE-2022-3202A NULL pointer dereference flaw was found in diFree in fs/jfs/inode.c in the Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-3202
CVE-2020-8016A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.7https://nvd.nist.gov/vuln/detail/CVE-2020-8016
CVE-2022-26928Windows Photo Import API Elevation of Privilege Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-26928
CVE-2022-34725Windows ALPC Elevation of Privilege Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-34725
CVE-2021-0697In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible user after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-2389184037https://nvd.nist.gov/vuln/detail/CVE-2021-0697
CVE-2022-3182Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions.7https://nvd.nist.gov/vuln/detail/CVE-2022-3182
CVE-2022-22093Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile7https://nvd.nist.gov/vuln/detail/CVE-2022-22093
CVE-2022-22094memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile7https://nvd.nist.gov/vuln/detail/CVE-2022-22094
CVE-2022-25696Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables7https://nvd.nist.gov/vuln/detail/CVE-2022-25696
CVE-2021-33080 | Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33080
CVE-2021-33656 | When setting font with malicious data by ioctl cmd PIO_FONT, the kernel will write memory out of bounds. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33656
CVE-2022-38399 | Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38399
CVE-2022-36385 | A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36385
CVE-2021-1383 | Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-1383
CVE-2022-34709 | Windows Defender Credential Guard Security Feature Bypass Vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-34709
CVE-2022-20231 | In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-211485702. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20231
CVE-2022-25654 | Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-25654
CVE-2019-14433 | An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14433
CVE-2020-8193 | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8193
CVE-2020-8195 | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8195
CVE-2021-1349 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1349
CVE-2021-3114 | In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3114
CVE-2021-1389 | A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1389
CVE-2020-35557 | An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-35557
CVE-2021-1228 | A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. This vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a crafted LLDP packet on the adjacent subnet to an affected device. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1228
CVE-2020-12527 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-12527
CVE-2021-1352 | A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1352
CVE-2020-36319 | Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36319
CVE-2020-8300 | Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8300
CVE-2020-18899 | An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-18899
CVE-2020-18775 | In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-18775
CVE-2020-18778 | In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-18778
CVE-2021-38698 | HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38698
CVE-2020-21050 | Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-21050
CVE-2020-9059 | Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-9059
CVE-2020-9060 | Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-9060
CVE-2021-24761 | The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-24761
CVE-2022-32206 | curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32206
CVE-2022-31150 | undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a workaround for this issue. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31150
CVE-2022-2370 | The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber, to retrieve them. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2370
CVE-2021-4209 | A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4209
CVE-2022-2330 | Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2330
CVE-2022-36449 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36449
CVE-2022-31167 | XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it's possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31167
CVE-2022-30312 | The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller (IC) protocol (57612/UDP). The potential impact is: Compromise of credentials. Several Trend Controls building automation controllers utilize the Inter-Controller (IC) protocol for information exchange and automation purposes. This protocol offers authentication in the form of a 4-digit PIN in order to protect access to sensitive operations like strategy uploads and downloads as well as optional 0-30 character username and password protection for web page access protection. Both the PIN and usernames and passwords are transmitted in cleartext, allowing an attacker with passive interception capabilities to obtain these credentials. Credentials are transmitted in cleartext. An attacker who obtains Trend IC credentials can carry out sensitive engineering actions such as manipulating controller strategy or configuration settings. If the credentials in question are (re)used for other applications, their compromise could potentially facilitate lateral movement. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30312
CVE-2022-2528 | In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2528
CVE-2022-26392 | The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26392
CVE-2022-36870 | Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36870
CVE-2022-36871 | Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36871
CVE-2022-36872 | Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36872
CVE-2022-36873 | Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36873
CVE-2022-3147 | Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3147
CVE-2022-38613 | A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38613
CVE-2022-36087 | OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36087
CVE-2022-38266 | An issue in the Leptonica linked library (v1.79.0) in Tesseract v5.0.0 allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38266
CVE-2021-44425 | An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the AnyDesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44425
CVE-2022-38135 | Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38135
CVE-2022-37959 | Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37959
CVE-2022-38006 | Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-35837. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38006
CVE-2022-38342 | Safe Software FME Server v2022.0.1.1 and below was discovered to contain an XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38342
CVE-2022-22483 | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22483
CVE-2022-35637 | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35637
CVE-2022-39816 | In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext password) occur in /cgi-bin/R14.2/cgi-bin/R14.2/host.pl on the edit configuration page. Exploitation requires an authenticated attacker. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-39816
CVE-2022-31324 | An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31324
CVE-2022-37191 | The component "cuppa/api/index.php" of CuppaCMS v1.0 is vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37191
CVE-2022-35946 | GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used to access low-level API of Plugin class. An attacker can, for instance, alter database data. Attacker must have "General setup" update rights to be able to perform this attack. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should remove the `front/plugin.form.php` script. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35946
CVE-2022-40438 | Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40438
CVE-2022-40439 | A memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40439
CVE-2020-36603 | The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36603
CVE-2022-40734 | UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40734
CVE-2022-40736 | An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40736
CVE-2022-40737 | An issue was discovered in Bento4 through 1.6.0-639. A buffer over-read exists in the function AP4_StdcFileByteStream::WritePartial located in System/StdC/Ap4StdCFileByteStream.cpp, called from AP4_ByteStream::Write and AP4_HdlrAtom::WriteFields. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40737
CVE-2022-40738 | An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, called from AP4_EsDescriptor::WriteFields and AP4_Expandable::Write. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40738
CVE-2022-1798 | A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1798
CVE-2022-39209 | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-39209
CVE-2022-34002 | The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows a low-privileged authenticated attacker to leak the configuration files and source code of the web application. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34002
CVE-2020-8017 | A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-8017
CVE-2022-36109 | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36109
CVE-2022-39202 | matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode commands can only be executed by privileged users, so this can only be abused if an operator is tricked into running the command on behalf of an attacker. The vulnerability has been patched in matrix-appservice-irc 0.35.0. As a workaround users should refrain from entering mode commands suggested by untrusted users. Avoid using multiple modes in a single command. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-39202
CVE-2022-36874 | Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number. | 6.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-36874
CVE-2022-30770Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-30770
CVE-2022-1355A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-1355
CVE-2022-3123Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-3123
CVE-2022-36869 | Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36869
CVE-2022-39809 | An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks would not be possible. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39809
CVE-2022-39810 | An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be possible. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39810
CVE-2022-40322 | SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-40322
CVE-2022-40323 | SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-40323
CVE-2022-40324 | SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-40324
CVE-2022-40325 | SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-40325
CVE-2022-38972 | Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38972
CVE-2022-38291 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38291
CVE-2022-38295 | Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38295
CVE-2022-38069 | Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38069
CVE-2022-35298 | SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-35298
CVE-2022-39799 | An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39799
CVE-2022-36020 | The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36020
CVE-2022-36108 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36108
CVE-2022-3205 | An XSS exists in automation controller UI where the project name is susceptible to XSS injection. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3205
CVE-2022-39814 | In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the next HTTP GET parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-39814
CVE-2022-40626 | An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-40626
CVE-2022-38796 | A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38796
CVE-2022-35945 | GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Information associated to registration key are not properly escaped in registration key configuration page. They can be used to steal a GLPI administrator cookie. Users are advised to upgrade to 10.0.3. There are no known workarounds for this issue. Workarounds: Do not use a registration key created by an untrusted person. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-35945
CVE-2022-37724 | Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-37724
CVE-2022-40365 | Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-40365
CVE-2022-31735 | OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31735
CVE-2022-3224 | Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3224
CVE-2022-29649 | Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29649
CVE-2022-2654 | The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2654
CVE-2022-2655 | The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2655
CVE-2022-2669 | The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2669
CVE-2022-3223 | Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3223
CVE-2022-38845 | Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim's browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScript in the browser. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38845
CVE-2022-37775 | Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26-September-2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-37775
CVE-2021-4158 | A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2021-4158
CVE-2021-36221 | Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-36221
CVE-2021-38542 | Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, leading potentially to leakage of sensitive information. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-38542
CVE-2022-32208 | When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-32208
CVE-2022-34716 | .NET Spoofing Vulnerability. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-34716
CVE-2022-38400 | Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-38400
CVE-2022-40306 | The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) through 2022-06-27 performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-40306
CVE-2022-38846 | EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-38846
CVE-2022-36112 | GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or external calendar in planning is subject to SSRF exploit. Server-side requests can be used to scan server port or services opened on GLPI server or its private network. Queries responses are not exposed to end-user (blind SSRF). Users are advised to upgrade to version 10.0.3 to resolve this issue. There are no known workarounds. | 5.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36112
CVE-2022-3027 | The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-3027
CVE-2022-3225 | Improper Access Control in GitHub repository budibase/budibase prior to 1.3.20. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-3225
CVE-2022-27939 | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27939
CVE-2022-28506 | There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28506
CVE-2021-33069 | Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33069
CVE-2022-1794 | The CODESYS OPC DA Server prior to V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1794
CVE-2022-32317 | The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. The device=strdup statement is not executed on every call. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32317
CVE-2022-33734 | Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33734
CVE-2022-36829 | PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36829
CVE-2022-36830 | PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36830
CVE-2022-36831 | Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36831
CVE-2022-36836 | Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36836
CVE-2022-36837 | Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36837
CVE-2022-36839 | SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36839
CVE-2022-34708 | Windows Kernel Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30197. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34708
CVE-2022-34710 | Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34704, CVE-2022-34712. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34710
CVE-2022-34712 | Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34704, CVE-2022-34710. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34712
CVE-2022-2980 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2980
CVE-2022-38533 | In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38533
CVE-2020-35538 | A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-35538
CVE-2022-1354 | A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1354
CVE-2020-35530 | In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-35530
CVE-2020-35531 | In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-35531
CVE-2020-35532 | In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-35532
CVE-2020-35533 | In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-35533
CVE-2022-1615 | In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1615
CVE-2022-36088 | GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions when installing outside of the default location. This could allow a malicious user with local access to the server GoCD Server or Agent are installed on to modify executables or components of the installation. This does not affect zip file-based installs, installations to other platforms, or installations inside `Program Files` or `Program Files (x86)`. This issue is fixed in GoCD 22.2.0 installers. As a workaround, if the server or agent is installed outside of `Program Files (x86)`, verify the permission of the Server or Agent installation directory to ensure the `Everyone` user group does not have `Full Control`, `Modify` or `Write` permissions. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36088
CVE-2022-2905 | An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2905
CVE-2022-36280 | An out-of-bounds (OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36280
CVE-2022-36867 | Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36867
CVE-2022-36875 | Improper restriction of broadcasting Intent in SaWebViewRelayActivity of Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36875
CVE-2022-38081 | OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control. To take advantage of this weakness, attackers need another vulnerability to obtain system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38081
CVE-2022-38096 | A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38096
CVE-2022-38457 | A use-after-free (UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38457
CVE-2022-3077 | A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3077
CVE-2022-3169 | A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3169
CVE-2022-40133 | A use-after-free (UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40133
CVE-2021-40647 | In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the program's memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40647
CVE-2021-40648 | In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40648
CVE-2022-34110 | An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34110
CVE-2022-37302 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert (V15.1 HF001 and prior). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37302
CVE-2022-1602 | A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1602
CVE-2022-3190 | Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3190
CVE-2022-34723 | Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34723
CVE-2022-34728 | Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-35837, CVE-2022-38006. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34728
CVE-2022-35831 | Windows Remote Access Connection Manager Information Disclosure Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35831
CVE-2022-35832 | Windows Event Tracing Denial of Service Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35832
CVE-2022-35837 | Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35837
CVE-2022-20393 | In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L; Android ID: A-233735886 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20393
CVE-2022-20396 | In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L Android-13; Android ID: A-234440688 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20396
CVE-2022-20399 | In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-219808546; References: Upstream kernel | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20399
CVE-2022-38306 | LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38306
CVE-2022-38307 | LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38307
CVE-2022-38496 | LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38496
CVE-2022-38497 | LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38497
CVE-2022-0029 | An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0029
CVE-2022-36056 | Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First a cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature. Second, when providing identity flags, the email and issuer of a certificate is not checked when verifying a Rekor bundle, and the GitHub Actions identity is never checked. Third, providing an invalid Rekor bundle without the experimental flag results in a successful verification. And fourth an invalid transparency log entry will result in immediate success for verification. Details and examples of these issues can be seen in the GHSA-8gw7-4j42-w388 advisory linked. Users are advised to upgrade to 1.12.0. There are no known workarounds for these issues. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36056
CVE-2022-40476 | A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40476
CVE-2022-3222 | Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3222
CVE-2022-2472 | Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2472
CVE-2022-38853 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38853
CVE-2022-38855 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video() of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38855
CVE-2022-38856 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38856
CVE-2022-38858 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38858
CVE-2022-38860 | Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38860
CVE-2022-38861 | The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38861
CVE-2022-38863 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38863
CVE-2022-38864 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38864
CVE-2022-38865 | Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38865
CVE-2022-38866 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38866
CVE-2022-38600 | Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38600
CVE-2022-38850 | The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config() of libmpcodecs/vf_scale.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38850
CVE-2022-38851 | Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38851
CVE-2022-38334 | XPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38334
CVE-2022-25653 | Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25653
CVE-2022-36402 | An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36402
CVE-2022-38409 | Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38409
CVE-2022-38410 | Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38410
CVE-2022-28854 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28854
CVE-2022-28855 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28855
CVE-2022-28856 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28856
CVE-2022-28857 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28857
CVE-2022-30671 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30671
CVE-2022-30672 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30672
CVE-2022-30673 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30673
CVE-2022-30674 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30674
CVE-2022-30675Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-30675
CVE-2022-30676Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-30676
CVE-2022-38406 | Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38406
CVE-2022-38407 | Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38407
CVE-2022-38428 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38428
CVE-2022-38425 | Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38425
CVE-2022-38256 | TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-38256
CVE-2022-26394 | The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26394
CVE-2022-34165 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34165
CVE-2022-40317 | OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-40317
CVE-2022-25295 | This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\\\\\\\example.com, browser will redirect user to http://example.com. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25295
CVE-2022-37796 | In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-37796
CVE-2022-36254 | Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname". | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36254
CVE-2022-36778 | Insert HTML / JS code inside an input. How to get to the vulnerable input: Workers > worker nickname > inject the code in this input. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36778
CVE-2022-35294 | An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-35294
CVE-2022-36106 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36106
CVE-2022-36107 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36107
CVE-2022-39207 | Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same context as the UI without any further restrictions. This leads to Cross-Site Scripting (XSS) when a user creates a build artifact that contains HTML. When accessing the artifact, the content is rendered by the browser, including any JavaScript that it contains. Since all cookies (except for the rememberMe one) do not set the HttpOnly flag, an attacker could steal the session of a victim and use it to impersonate them. To exploit this issue, attackers need to be able to modify the content of artifacts, which usually means they need to be able to modify a project's build spec. The exploitation requires the victim to click on an attacker's link. It can be used to elevate privileges by targeting admins of a OneDev instance. In the worst case, this can lead to arbitrary code execution on the server, because admins can create Server Shell Executors and use them to run any command on the server. This issue has been patched in version 7.3.0. Users are advised to upgrade. There are no known workarounds for this issue. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-39207
CVE-2022-34336 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34336
CVE-2021-36568 | In certain Moodle products after creating a course, it is possible to add in an arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Stored Cross Site Scripting (XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-36568
CVE-2022-31861 | Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-31861
CVE-2020-19587 | Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-19587
CVE-2022-36668 | Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities arise when creating or editing parts under parameters. With an XSS payload, the stored XSS is triggered and can be used as a further attack vector. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36668
CVE-2022-37137 | PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS is obtained by injecting a specially crafted payload into the "Message" field with the "description" parameter. The XSS then triggers after that or can be accessed from the view ticket function. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-37137
CVE-2022-37139 | Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-37139
CVE-2022-31187 | GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users are advised to upgrade to version 10.0.3 to resolve this issue. Users unable to upgrade should disable global search. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-31187
CVE-2018-25047 | In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-25047
CVE-2022-3211 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-3211
CVE-2022-38814 | A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-38814
CVE-2022-36533 | Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-36533
CVE-2022-37250 | Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-37250
CVE-2022-37248 | Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-37248
CVE-2021-42597 | A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10, Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-42597
CVE-2022-30677 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30677
CVE-2022-30678 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30678
CVE-2022-30680 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30680
CVE-2022-30681 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30681
CVE-2022-30682 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30682
CVE-2022-30684 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30684
CVE-2022-30685 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30685
CVE-2022-30686 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30686
CVE-2022-34218 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-34218
CVE-2022-35664 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-35664
CVE-2020-25594 | HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-25594
CVE-2021-3024 | HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-3024
CVE-2020-35561 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-35561
CVE-2020-35566 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-35566
CVE-2020-35570 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-35570
CVE-2020-36238 | The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36238
CVE-2020-36287 | The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-36287
CVE-2021-33197 | In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-33197
CVE-2020-19003 | An issue in Gate One 1.2.0 allows attackers to bypass the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-19003
CVE-2021-25118 | The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-25118
CVE-2022-32222 | A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-32222
CVE-2022-32457 | Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-32457
CVE-2022-2552 | The Duplicator WordPress plugin before 1.4.7.1 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2552
CVE-2022-38067 | Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38067
CVE-2022-36101 | Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36101
CVE-2022-39200 | Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the `/get_missing_events` path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through other endpoints (e.g. `/event`, `/state`) as they have been correctly verified. Homeservers that have federation disabled are not vulnerable. The problem has been fixed in Dendrite 0.9.8. Users are advised to upgrade. There are no known workarounds for this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-39200
CVE-2022-3175 | Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3175
CVE-2022-36780 | Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36780
CVE-2022-39014 | Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-39014
CVE-2022-36105 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-36105
CVE-2022-22330 | IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22330
CVE-2022-38770 | The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38770
CVE-2022-22520 | A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22520
CVE-2022-31143 | GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. It was found that in affected versions there is an exposure of private information defined in setup of GLPI (like smtp or cas hosts). Note that passwords are not exposed. Users are advised to upgrade to version 10.0.3. There are no known workarounds for this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31143
CVE-2022-2877 | The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2877
CVE-2022-30683 | Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass of the security feature of the encryption mechanism in the backend. An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30683
CVE-2022-32244 | Under certain conditions an attacker authenticated as a CMS administrator can access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application. | 5.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32244
CVE-2022-31220 | Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | 5.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31220
CVE-2022-31225 | Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | 5.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31225
CVE-2022-29614 | SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29614
CVE-2022-36834 | Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36834
CVE-2021-1406 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-1406
CVE-2022-21427 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-21427
CVE-2022-36617 | Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-36617
CVE-2022-35295 | In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-35295
CVE-2022-2863 | The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-2863
CVE-2021-25049 | The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25049
CVE-2022-1095 | The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1095
CVE-2022-35882 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35882
CVE-2022-36859 | Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36859
CVE-2021-44076 | An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting (XSS). The payload can be executed in multiple scenarios, for example when the user's page appears in the Most Visited section of the page. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44076
CVE-2022-27561 | There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27561
CVE-2022-2351 | The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2351
CVE-2022-2575 | The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2575
CVE-2022-2635 | The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2635
CVE-2022-2737 | The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2737
CVE-2022-2799The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2799
CVE-2022-2887The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2887
CVE-2021-41731Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field4.8https://nvd.nist.gov/vuln/detail/CVE-2021-41731
CVE-2021-1231A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploit could allow the attacker to disable switching on the SFP interface, which could disrupt network traffic.4.7https://nvd.nist.gov/vuln/detail/CVE-2021-1231
CVE-2021-33075Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.4.7https://nvd.nist.gov/vuln/detail/CVE-2021-33075
CVE-2021-33078Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.4.7https://nvd.nist.gov/vuln/detail/CVE-2021-33078
CVE-2022-34704Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34710, CVE-2022-34712.4.7https://nvd.nist.gov/vuln/detail/CVE-2022-34704
CVE-2021-33074Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.4.6https://nvd.nist.gov/vuln/detail/CVE-2021-33074
CVE-2021-33082Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.4.6https://nvd.nist.gov/vuln/detail/CVE-2021-33082
CVE-2022-36838Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information.4.6https://nvd.nist.gov/vuln/detail/CVE-2022-36838
CVE-2022-36851Improper access control vulnerability in Samsung Pass prior to version 4.0.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.4.6https://nvd.nist.gov/vuln/detail/CVE-2022-36851
CVE-2021-33083Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-33083
CVE-2022-31222Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.4.4https://nvd.nist.gov/vuln/detail/CVE-2022-31222
CVE-2022-38453Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities.4.4https://nvd.nist.gov/vuln/detail/CVE-2022-38453
CVE-2022-1778Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed with administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*4.4https://nvd.nist.gov/vuln/detail/CVE-2022-1778
CVE-2020-8196Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-8196
CVE-2021-1305Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-1305
CVE-2020-35568An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-35568
CVE-2021-34574In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is sent to the server.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-34574
CVE-2022-32205A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-32205
CVE-2022-35913Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other's paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in Stonewallx2 before the victim can broadcast the collaborative transaction. The attacker does not signal opt in RBF, and uses the lowest fee rate. This would result in the victim being unable to perform Stonewallx2. (Note that the attacker could use multiple paynyms.)4.3https://nvd.nist.gov/vuln/detail/CVE-2022-35913
CVE-2022-36095XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-36095
CVE-2022-38299An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-38299
CVE-2022-22329IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-22329
CVE-2022-38329An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnerability that can delete the specified column via index.php/contents-admin_cat-finderdel-model-ContentsCat.html?id=17.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-38329
CVE-2022-38788An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a pairing handshake and (after offline cracking) retrieve the PIN and LTK (long-term key).4.3https://nvd.nist.gov/vuln/detail/CVE-2022-38788
CVE-2022-36075Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue4.3https://nvd.nist.gov/vuln/detail/CVE-2022-36075
CVE-2022-2912The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites (SSRF).4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2912
CVE-2022-2913The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2913
CVE-2022-26390The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.4.2https://nvd.nist.gov/vuln/detail/CVE-2022-26390
CVE-2021-1221A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link.4.1https://nvd.nist.gov/vuln/detail/CVE-2021-1221
CVE-2022-36835Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.4https://nvd.nist.gov/vuln/detail/CVE-2022-36835
CVE-2022-1697Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.3.9https://nvd.nist.gov/vuln/detail/CVE-2022-1697
CVE-2021-42948HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session IDs.3.7https://nvd.nist.gov/vuln/detail/CVE-2021-42948
CVE-2022-33733Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-33733
CVE-2022-36832Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-36832
CVE-2021-3574A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-3574
CVE-2022-36865Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-36865
CVE-2022-36866Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-36866
CVE-2022-36877Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-36877
CVE-2022-36878Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-36878
CVE-2022-38701OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-38701
CVE-2022-37703In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-37703
CVE-2022-30629Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.3.1https://nvd.nist.gov/vuln/detail/CVE-2022-30629
CVE-2022-36876Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.2.4https://nvd.nist.gov/vuln/detail/CVE-2022-36876
CVE-2022-31224Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system.2.4https://nvd.nist.gov/vuln/detail/CVE-2022-31224
CVE-2022-31221Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to access sensitive state information on the system.2.3https://nvd.nist.gov/vuln/detail/CVE-2022-31221
CVE-2022-31223Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.2.3https://nvd.nist.gov/vuln/detail/CVE-2022-31223
CVE-2008-2364The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.https://nvd.nist.gov/vuln/detail/CVE-2008-2364
CVE-2009-1890The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.https://nvd.nist.gov/vuln/detail/CVE-2009-1890
CVE-2009-1891The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).https://nvd.nist.gov/vuln/detail/CVE-2009-1891
CVE-2009-3094The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.https://nvd.nist.gov/vuln/detail/CVE-2009-3094
CVE-2009-3095The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.https://nvd.nist.gov/vuln/detail/CVE-2009-3095
CVE-2009-2699The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.https://nvd.nist.gov/vuln/detail/CVE-2009-2699
CVE-2010-0434The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.https://nvd.nist.gov/vuln/detail/CVE-2010-0434
CVE-2010-2179Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.https://nvd.nist.gov/vuln/detail/CVE-2010-2179
CVE-2011-0419Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.https://nvd.nist.gov/vuln/detail/CVE-2011-0419
CVE-2011-3192The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.https://nvd.nist.gov/vuln/detail/CVE-2011-3192
CVE-2011-3348The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.https://nvd.nist.gov/vuln/detail/CVE-2011-3348
CVE-2012-0031scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.https://nvd.nist.gov/vuln/detail/CVE-2012-0031
CVE-2012-0053protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.https://nvd.nist.gov/vuln/detail/CVE-2012-0053
CVE-2012-0883envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.https://nvd.nist.gov/vuln/detail/CVE-2012-0883
CVE-2012-3160Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.https://nvd.nist.gov/vuln/detail/CVE-2012-3160
CVE-2012-3197Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.https://nvd.nist.gov/vuln/detail/CVE-2012-3197
CVE-2012-5096Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.https://nvd.nist.gov/vuln/detail/CVE-2012-5096
CVE-2013-1502Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.https://nvd.nist.gov/vuln/detail/CVE-2013-1502
CVE-2013-1511Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.https://nvd.nist.gov/vuln/detail/CVE-2013-1511
CVE-2013-1548Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.https://nvd.nist.gov/vuln/detail/CVE-2013-1548
CVE-2013-1862mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.https://nvd.nist.gov/vuln/detail/CVE-2013-1862
CVE-2013-1950The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.https://nvd.nist.gov/vuln/detail/CVE-2013-1950
CVE-2013-1896mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.https://nvd.nist.gov/vuln/detail/CVE-2013-1896
CVE-2013-3812Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.https://nvd.nist.gov/vuln/detail/CVE-2013-3812
CVE-2013-2249mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.https://nvd.nist.gov/vuln/detail/CVE-2013-2249
CVE-2014-0401Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.https://nvd.nist.gov/vuln/detail/CVE-2014-0401
CVE-2014-0437Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2014-0437
CVE-2013-6438The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.https://nvd.nist.gov/vuln/detail/CVE-2013-6438
CVE-2014-0098The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.https://nvd.nist.gov/vuln/detail/CVE-2014-0098
CVE-2014-2430Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.https://nvd.nist.gov/vuln/detail/CVE-2014-2430
CVE-2014-2438Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.https://nvd.nist.gov/vuln/detail/CVE-2014-2438
CVE-2014-3470The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.https://nvd.nist.gov/vuln/detail/CVE-2014-3470
CVE-2014-0118The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.https://nvd.nist.gov/vuln/detail/CVE-2014-0118
CVE-2014-0226Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.https://nvd.nist.gov/vuln/detail/CVE-2014-0226
CVE-2014-6463Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.https://nvd.nist.gov/vuln/detail/CVE-2014-6463
CVE-2014-6474Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.https://nvd.nist.gov/vuln/detail/CVE-2014-6474
CVE-2014-6551Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.https://nvd.nist.gov/vuln/detail/CVE-2014-6551
CVE-2014-6568Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.https://nvd.nist.gov/vuln/detail/CVE-2014-6568
CVE-2015-0374Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.https://nvd.nist.gov/vuln/detail/CVE-2015-0374
CVE-2015-0499Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.https://nvd.nist.gov/vuln/detail/CVE-2015-0499
CVE-2015-0505Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.https://nvd.nist.gov/vuln/detail/CVE-2015-0505
CVE-2015-4757Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2015-4757
CVE-2015-4792Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.https://nvd.nist.gov/vuln/detail/CVE-2015-4792
CVE-2015-4807Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.https://nvd.nist.gov/vuln/detail/CVE-2015-4807
CVE-2015-4861Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.https://nvd.nist.gov/vuln/detail/CVE-2015-4861
CVE-2015-4864Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.https://nvd.nist.gov/vuln/detail/CVE-2015-4864
CVE-2015-4895Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.https://nvd.nist.gov/vuln/detail/CVE-2015-4895
CVE-2015-4913Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.https://nvd.nist.gov/vuln/detail/CVE-2015-4913
CVE-2022-29240Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing a CQL frame received from a user, Scylla assumes that the user-provided uncompressed length is correct. If the user provides a fake length that is greater than the real one, part of the decompression buffer won't be overwritten and will be left uninitialized. This can be exploited in several ways, depending on the privileges of the user. 1. The main exploit is that an attacker with access to the CQL port, but no user account, can bypass authentication, but only if there are other legitimate clients making connections to the cluster, and they use LZ4. 2. An attacker that already has a user account on the cluster can read parts of uninitialized memory, which can contain things like passwords of other users or fragments of other queries / results, which leads to authorization bypass and sensitive information disclosure. The bug has been patched in the following versions: Scylla Enterprise: 2020.1.14, 2021.1.12, 2022.1.0. Scylla Open Source: 4.6.7, 5.0.3. Users unable to upgrade should make sure none of their drivers connect to the cluster using LZ4 compression, and that the Scylla CQL port is behind a firewall. Additionally, make sure no untrusted client can connect to Scylla, by setting up authentication and applying the workarounds from the previous point (firewall, no lz4 compression).https://nvd.nist.gov/vuln/detail/CVE-2022-29240
CVE-2022-39215Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.https://nvd.nist.gov/vuln/detail/CVE-2022-39215
CVE-2022-39001The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-39001
CVE-2022-39002Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.https://nvd.nist.gov/vuln/detail/CVE-2022-39002
CVE-2022-39003Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components.https://nvd.nist.gov/vuln/detail/CVE-2022-39003
CVE-2022-39004The MPTCP module has a memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.https://nvd.nist.gov/vuln/detail/CVE-2022-39004
CVE-2022-39005The MPTCP module has a memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.https://nvd.nist.gov/vuln/detail/CVE-2022-39005
CVE-2022-39006The MPTCP module has a race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.https://nvd.nist.gov/vuln/detail/CVE-2022-39006
CVE-2022-39007The location module has a vulnerability of bypassing permission verification. Successful exploitation of this vulnerability may cause privilege escalation.https://nvd.nist.gov/vuln/detail/CVE-2022-39007
CVE-2022-39008The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.https://nvd.nist.gov/vuln/detail/CVE-2022-39008
CVE-2022-39009The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.https://nvd.nist.gov/vuln/detail/CVE-2022-39009
CVE-2022-39010The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information.https://nvd.nist.gov/vuln/detail/CVE-2022-39010
CVE-2022-38621Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.https://nvd.nist.gov/vuln/detail/CVE-2022-38621
CVE-2022-39063When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without checking the maximum length. If the pdi.local_f_teid.len exceeds the maximum length of the struct of f_teid, the memcpy() overwrites the fields (e.g., f_teid_len) after f_teid in the pdr struct. After parsing the request, the UPF starts to build a response. The f_teid_len with its overwritten value is used as a length for memcpy(). A segmentation fault occurs, as a result of a memcpy(), if this overwritten value is large enough.https://nvd.nist.gov/vuln/detail/CVE-2022-39063
CVE-2022-3214Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Version 1.8.0 and prior have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-3214
CVE-2020-25491 6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page.https://nvd.nist.gov/vuln/detail/CVE-2020-25491
CVE-2022-35959TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.https://nvd.nist.gov/vuln/detail/CVE-2022-35959
CVE-2022-35960TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc`'s `TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.https://nvd.nist.gov/vuln/detail/CVE-2022-35960
CVE-2022-35963TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.https://nvd.nist.gov/vuln/detail/CVE-2022-35963
CVE-2022-28758Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.https://nvd.nist.gov/vuln/detail/CVE-2022-28758
CVE-2022-29489Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation.https://nvd.nist.gov/vuln/detail/CVE-2022-29489
CVE-2022-2332A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.https://nvd.nist.gov/vuln/detail/CVE-2022-2332
CVE-2022-2333If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.https://nvd.nist.gov/vuln/detail/CVE-2022-2333
CVE-2022-35194TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.https://nvd.nist.gov/vuln/detail/CVE-2022-35194
CVE-2022-37247Craft CMS 4.2.0.1 is vulnerable to a stored cross-site scripting (XSS) via /admin/settings/fields page.https://nvd.nist.gov/vuln/detail/CVE-2022-37247
CVE-2022-37251Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.https://nvd.nist.gov/vuln/detail/CVE-2022-37251
CVE-2022-37258Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.https://nvd.nist.gov/vuln/detail/CVE-2022-37258
CVE-2022-37709Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3's Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging access to a legitimate Phone Key.https://nvd.nist.gov/vuln/detail/CVE-2022-37709
CVE-2022-3217When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials.https://nvd.nist.gov/vuln/detail/CVE-2022-3217
CVE-2022-40755JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.https://nvd.nist.gov/vuln/detail/CVE-2022-40755
CVE-2022-40757A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.https://nvd.nist.gov/vuln/detail/CVE-2022-40757
CVE-2022-40758A Buffer Access with Incorrect Length Value vulnerability in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.https://nvd.nist.gov/vuln/detail/CVE-2022-40758
CVE-2022-40759A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.https://nvd.nist.gov/vuln/detail/CVE-2022-40759
CVE-2022-40760A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.https://nvd.nist.gov/vuln/detail/CVE-2022-40760
CVE-2022-40761The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.https://nvd.nist.gov/vuln/detail/CVE-2022-40761
CVE-2022-40762A Memory Allocation with Excessive Size Value vulnerability in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.https://nvd.nist.gov/vuln/detail/CVE-2022-40762
CVE-2022-39211Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.https://nvd.nist.gov/vuln/detail/CVE-2022-39211
CVE-2022-40300Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.https://nvd.nist.gov/vuln/detail/CVE-2022-40300
CVE-2022-39210Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result, access to internal files from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.https://nvd.nist.gov/vuln/detail/CVE-2022-39210
CVE-2022-39212Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or 14.0.4. Users unable to upgrade should select "None" as camera before joining the call.https://nvd.nist.gov/vuln/detail/CVE-2022-39212
CVE-2022-39217some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue.https://nvd.nist.gov/vuln/detail/CVE-2022-39217
CVE-2022-3173Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.https://nvd.nist.gov/vuln/detail/CVE-2022-3173
CVE-2022-3231Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.https://nvd.nist.gov/vuln/detail/CVE-2022-3231
CVE-2022-39960The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.https://nvd.nist.gov/vuln/detail/CVE-2022-39960
CVE-2022-3232Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.https://nvd.nist.gov/vuln/detail/CVE-2022-3232
CVE-2022-3234Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.https://nvd.nist.gov/vuln/detail/CVE-2022-3234
CVE-2022-40766Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring.https://nvd.nist.gov/vuln/detail/CVE-2022-40766
CVE-2022-40768drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.https://nvd.nist.gov/vuln/detail/CVE-2022-40768
CVE-2022-25873The package vuetify from 2.0.0-beta.4 and before 2.6.10 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.https://nvd.nist.gov/vuln/detail/CVE-2022-25873
CVE-2022-40769profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.https://nvd.nist.gov/vuln/detail/CVE-2022-40769
CVE-2022-40774An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize.https://nvd.nist.gov/vuln/detail/CVE-2022-40774
CVE-2022-40775An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.https://nvd.nist.gov/vuln/detail/CVE-2022-40775
CVE-2022-3235Use After Free in GitHub repository vim/vim prior to 9.0.0490.https://nvd.nist.gov/vuln/detail/CVE-2022-3235
CVE-2022-40778A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.https://nvd.nist.gov/vuln/detail/CVE-2022-40778
CVE-2022-38617SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.https://nvd.nist.gov/vuln/detail/CVE-2022-38617
CVE-2022-1580The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.https://nvd.nist.gov/vuln/detail/CVE-2022-1580
CVE-2022-1591The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.https://nvd.nist.gov/vuln/detail/CVE-2022-1591
CVE-2022-2567The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).https://nvd.nist.gov/vuln/detail/CVE-2022-2567
CVE-2022-2709The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).https://nvd.nist.gov/vuln/detail/CVE-2022-2709
CVE-2022-2710The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).https://nvd.nist.gov/vuln/detail/CVE-2022-2710
CVE-2022-2753The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against a logged-in admin viewing the malicious reservation made.https://nvd.nist.gov/vuln/detail/CVE-2022-2753
CVE-2022-2754The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks.https://nvd.nist.gov/vuln/detail/CVE-2022-2754
CVE-2022-2840The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections.https://nvd.nist.gov/vuln/detail/CVE-2022-2840
CVE-2022-2958The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections.https://nvd.nist.gov/vuln/detail/CVE-2022-2958
CVE-2022-38341Safe Software FME Server v2022.0.1.1 and below does not employ server-side validation.https://nvd.nist.gov/vuln/detail/CVE-2022-38341
CVE-2022-38880The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-38880
CVE-2022-3021The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.https://nvd.nist.gov/vuln/detail/CVE-2022-3021
CVE-2022-3036The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).https://nvd.nist.gov/vuln/detail/CVE-2022-3036
CVE-2022-3141The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.https://nvd.nist.gov/vuln/detail/CVE-2022-3141
CVE-2022-3142The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart: by default administrators, although this can be configured otherwise via the plugin settings.https://nvd.nist.gov/vuln/detail/CVE-2022-3142
CVE-2022-40067Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer.https://nvd.nist.gov/vuln/detail/CVE-2022-40067
CVE-2022-40068Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand.https://nvd.nist.gov/vuln/detail/CVE-2022-40068
CVE-2022-40069Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime.https://nvd.nist.gov/vuln/detail/CVE-2022-40069
CVE-2022-40070Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg.https://nvd.nist.gov/vuln/detail/CVE-2022-40070
CVE-2022-40071Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName.https://nvd.nist.gov/vuln/detail/CVE-2022-40071
CVE-2022-40072Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerManagement.https://nvd.nist.gov/vuln/detail/CVE-2022-40072
CVE-2022-40073Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo.https://nvd.nist.gov/vuln/detail/CVE-2022-40073
CVE-2022-40074Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi.https://nvd.nist.gov/vuln/detail/CVE-2022-40074
CVE-2022-40075Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set.https://nvd.nist.gov/vuln/detail/CVE-2022-40075
CVE-2022-40076Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic.https://nvd.nist.gov/vuln/detail/CVE-2022-40076
CVE-2022-40424The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking package. The affected version of d8s-urls is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40424
CVE-2022-40427The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40427
CVE-2022-40805The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-hypothesis package.https://nvd.nist.gov/vuln/detail/CVE-2022-40805
CVE-2022-40806The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40806
CVE-2022-40807The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40807
CVE-2022-40808The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40808
CVE-2022-40811The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40811
CVE-2022-29908The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation.https://nvd.nist.gov/vuln/detail/CVE-2022-29908
CVE-2022-35702Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.https://nvd.nist.gov/vuln/detail/CVE-2022-35702
CVE-2022-35709Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.https://nvd.nist.gov/vuln/detail/CVE-2022-35709
CVE-2022-35914/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.https://nvd.nist.gov/vuln/detail/CVE-2022-35914
CVE-2022-37203JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.https://nvd.nist.gov/vuln/detail/CVE-2022-37203
CVE-2022-37700Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig.https://nvd.nist.gov/vuln/detail/CVE-2022-37700
CVE-2022-38577ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.https://nvd.nist.gov/vuln/detail/CVE-2022-38577
CVE-2022-38618SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.https://nvd.nist.gov/vuln/detail/CVE-2022-38618
CVE-2022-38881The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-38881
CVE-2022-38882The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-38882
CVE-2022-38883The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-38883
CVE-2022-38884The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-38884
CVE-2022-38885The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-38885
CVE-2022-38886The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-38886
CVE-2022-38887The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-38887
CVE-2022-40425The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40425
CVE-2022-40426The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40426
CVE-2022-40428The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40428
CVE-2022-40429The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40429
CVE-2022-40430The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40430
CVE-2022-40431The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40431
CVE-2022-40432The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40432
CVE-2022-40712An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints.https://nvd.nist.gov/vuln/detail/CVE-2022-40712
CVE-2022-40713An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.https://nvd.nist.gov/vuln/detail/CVE-2022-40713
CVE-2022-40714An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints.https://nvd.nist.gov/vuln/detail/CVE-2022-40714
CVE-2022-40715An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.https://nvd.nist.gov/vuln/detail/CVE-2022-40715
CVE-2022-40809The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40809
CVE-2022-40810The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40810
CVE-2022-40812The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2022-40812
CVE-2022-40978The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking.https://nvd.nist.gov/vuln/detail/CVE-2022-40978
CVE-2022-38333Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.https://nvd.nist.gov/vuln/detail/CVE-2022-38333
CVE-2022-3218Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-3218
CVE-2022-40468Tinyproxy commit 84f203f and earlier does not process HTTP request lines in the process_request() function and is using uninitialized buffers. This vulnerability allows attackers to access sensitive information at system runtime.https://nvd.nist.gov/vuln/detail/CVE-2022-40468
CVE-2022-34893Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine.https://nvd.nist.gov/vuln/detail/CVE-2022-34893
CVE-2022-37347Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-35234.https://nvd.nist.gov/vuln/detail/CVE-2022-37347
CVE-2022-37348Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347.https://nvd.nist.gov/vuln/detail/CVE-2022-37348
CVE-2022-38764A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privileges due to an overly permissive folder in the product installer.https://nvd.nist.gov/vuln/detail/CVE-2022-38764
CVE-2022-3213A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-3213
CVE-2022-40139Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-40139
CVE-2022-40140An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-40140
CVE-2022-40141A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server.https://nvd.nist.gov/vuln/detail/CVE-2022-40141
CVE-2022-40142A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-40142
CVE-2022-40143A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-40143
CVE-2022-40144A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations.https://nvd.nist.gov/vuln/detail/CVE-2022-40144
CVE-2022-40234Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.https://nvd.nist.gov/vuln/detail/CVE-2022-40234
CVE-2022-40608IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.https://nvd.nist.gov/vuln/detail/CVE-2022-40608
CVE-2022-40980A potential unauthenticated file deletion vulnerability on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2.https://nvd.nist.gov/vuln/detail/CVE-2022-40980
CVE-2022-23766An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website.https://nvd.nist.gov/vuln/detail/CVE-2022-23766
CVE-2022-23767This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim’s system.https://nvd.nist.gov/vuln/detail/CVE-2022-23767
CVE-2022-23768This vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers can use this vulnerability to induce attacks such as source code hijacking and remote control of the device.https://nvd.nist.gov/vuln/detail/CVE-2022-23768
CVE-2022-29835WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.https://nvd.nist.gov/vuln/detail/CVE-2022-29835
CVE-2022-2995Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.https://nvd.nist.gov/vuln/detail/CVE-2022-2995
CVE-2022-38576Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=.https://nvd.nist.gov/vuln/detail/CVE-2022-38576
CVE-2022-3239A use-after-free flaw in the Linux kernel video4linux driver was found in the way a user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.https://nvd.nist.gov/vuln/detail/CVE-2022-3239
CVE-2022-28201An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.https://nvd.nist.gov/vuln/detail/CVE-2022-28201
CVE-2022-28203A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.https://nvd.nist.gov/vuln/detail/CVE-2022-28203
CVE-2022-28204A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.https://nvd.nist.gov/vuln/detail/CVE-2022-28204
CVE-2022-38351A vulnerability in Suprema Bio Star 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.https://nvd.nist.gov/vuln/detail/CVE-2022-38351
CVE-2022-0143When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS).https://nvd.nist.gov/vuln/detail/CVE-2022-0143
CVE-2022-28321The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.https://nvd.nist.gov/vuln/detail/CVE-2022-28321
CVE-2022-35060OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.https://nvd.nist.gov/vuln/detail/CVE-2022-35060
CVE-2022-35061OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a.https://nvd.nist.gov/vuln/detail/CVE-2022-35061
CVE-2022-35062OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3.https://nvd.nist.gov/vuln/detail/CVE-2022-35062
CVE-2022-35063OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8.https://nvd.nist.gov/vuln/detail/CVE-2022-35063
CVE-2022-35064OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset.https://nvd.nist.gov/vuln/detail/CVE-2022-35064
CVE-2022-35065OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724.https://nvd.nist.gov/vuln/detail/CVE-2022-35065
CVE-2022-35066OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8.https://nvd.nist.gov/vuln/detail/CVE-2022-35066
CVE-2022-35067OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0.https://nvd.nist.gov/vuln/detail/CVE-2022-35067
CVE-2022-35068OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d.https://nvd.nist.gov/vuln/detail/CVE-2022-35068
CVE-2022-35069OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e.https://nvd.nist.gov/vuln/detail/CVE-2022-35069
CVE-2022-35070OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x65fc97.https://nvd.nist.gov/vuln/detail/CVE-2022-35070
CVE-2022-37032An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.https://nvd.nist.gov/vuln/detail/CVE-2022-37032
CVE-2022-38339Safe Software FME Server v2022.0.1.1 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.https://nvd.nist.gov/vuln/detail/CVE-2022-38339
CVE-2022-38509Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.https://nvd.nist.gov/vuln/detail/CVE-2022-38509
CVE-2022-38527UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.https://nvd.nist.gov/vuln/detail/CVE-2022-38527
CVE-2022-38532Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable.https://nvd.nist.gov/vuln/detail/CVE-2022-38532
CVE-2022-38545Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.https://nvd.nist.gov/vuln/detail/CVE-2022-38545
CVE-2022-38550A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2022-38550
CVE-2022-34746An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.https://nvd.nist.gov/vuln/detail/CVE-2022-34746
CVE-2022-2924Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.https://nvd.nist.gov/vuln/detail/CVE-2022-2924
CVE-2022-39955The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" names and therefore bypassing the configurable CRS Content-Type header "charset" allow list. An encoded payload can bypass CRS detection this way and may then be decoded by the backend. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.https://nvd.nist.gov/vuln/detail/CVE-2022-39955
CVE-2022-39956The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be exploited. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. The mitigation against these vulnerabilities depends on the installation of the latest ModSecurity version (v2.9.6 / v3.0.8).https://nvd.nist.gov/vuln/detail/CVE-2022-39956
CVE-2022-39957The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively.https://nvd.nist.gov/vuln/detail/CVE-2022-39957
CVE-2022-39958The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher.https://nvd.nist.gov/vuln/detail/CVE-2022-39958
CVE-2022-3000Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.https://nvd.nist.gov/vuln/detail/CVE-2022-3000
CVE-2022-34917A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-34917
CVE-2022-3004Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.https://nvd.nist.gov/vuln/detail/CVE-2022-3004
CVE-2022-2177Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.https://nvd.nist.gov/vuln/detail/CVE-2022-2177
CVE-2022-3005Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.https://nvd.nist.gov/vuln/detail/CVE-2022-3005
CVE-2022-3242Code Injection in GitHub repository microweber/microweber prior to 1.3.2.https://nvd.nist.gov/vuln/detail/CVE-2022-3242
CVE-2022-3245HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.https://nvd.nist.gov/vuln/detail/CVE-2022-3245
CVE-2022-40955In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.https://nvd.nist.gov/vuln/detail/CVE-2022-40955
CVE-2021-33076Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.https://nvd.nist.gov/vuln/detail/CVE-2021-33076
CVE-2021-33079Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.https://nvd.nist.gov/vuln/detail/CVE-2021-33079
CVE-2021-33081Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.https://nvd.nist.gov/vuln/detail/CVE-2021-33081
CVE-2022-32167Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation.https://nvd.nist.gov/vuln/detail/CVE-2022-32167
CVE-2022-35196TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php.https://nvd.nist.gov/vuln/detail/CVE-2022-35196
CVE-2022-37204Final CMS 5.1.0 is vulnerable to SQL Injection.https://nvd.nist.gov/vuln/detail/CVE-2022-37204
CVE-2022-38916A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files.https://nvd.nist.gov/vuln/detail/CVE-2022-38916
CVE-2016-20015In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.https://nvd.nist.gov/vuln/detail/CVE-2016-20015
CVE-2017-20147In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped.https://nvd.nist.gov/vuln/detail/CVE-2017-20147
CVE-2017-20148In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.https://nvd.nist.gov/vuln/detail/CVE-2017-20148
CVE-2022-26873A potential attacker can execute arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to mitigation bypass, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs), and bypass of memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: PlatformInitAdvancedPreMem SHA256: 644044fdb8daea30a7820e0f5f88dbf5cd460af72fbf70418e9d2e47efed8d9b Module GUID: EEEE611D-F78F-4FB9-B868-55907F169280 This issue affects: AMI Aptio 5.x.https://nvd.nist.gov/vuln/detail/CVE-2022-26873
CVE-2022-2154An attacker with physical access can exploit this vulnerability to execute arbitrary code during the DXE phase. Malicious code installed as a result of vulnerability exploitation in a DXE driver could survive across an operating system (OS) boot process and runtime. This issue affects: Module name: AMITSE SHA256: 288769fcb374d9280735e259c579e2dc209491f4da43b085d6aabc2d6e6ee57d Module GUID: b1da0adf-4f77-4070-a88e-bffe1c60529a This issue affects: AMI Aptio 5.x.https://nvd.nist.gov/vuln/detail/CVE-2022-2154
CVE-2022-37205JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.https://nvd.nist.gov/vuln/detail/CVE-2022-37205
CVE-2022-37259A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.https://nvd.nist.gov/vuln/detail/CVE-2022-37259
CVE-2022-37265Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.https://nvd.nist.gov/vuln/detail/CVE-2022-37265
CVE-2022-38340Safe Software FME Server v2022.0.1.1 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload.https://nvd.nist.gov/vuln/detail/CVE-2022-38340
CVE-2022-38955An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9.https://nvd.nist.gov/vuln/detail/CVE-2022-38955
CVE-2022-38956An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier.https://nvd.nist.gov/vuln/detail/CVE-2022-38956
CVE-2022-39974WASM3 v0.5.0 was discovered to contain a segmentation fault via the component op_Select_i32_srs in wasm3/source/m3_exec.h.https://nvd.nist.gov/vuln/detail/CVE-2022-39974
CVE-2022-40246A potential attacker can write one byte to an arbitrary address at the time of the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. This can lead to mitigation bypass, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs), and bypass of memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: SbPei SHA256: d827182e5f9b7a9ff0b9d3e232f7cfac43b5237e2681e11f005be627a49283a9 Module GUID: c1fbd624-27ea-40d1-aa48-94c3dc5c7e0d.https://nvd.nist.gov/vuln/detail/CVE-2022-40246
CVE-2022-40250An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than the operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: SmmSmbiosElog SHA256: 3a8acb4f9bddccb19ec3b22b22ad97963711550f76b27b606461cd5073a93b59 Module GUID: 8e61fd6b-7a8b-404f-b83f-aa90a47cabdf This issue affects: AMI Aptio 5.x.https://nvd.nist.gov/vuln/detail/CVE-2022-40250
CVE-2022-40261An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than the operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: OverClockSmiHandler SHA256: a204699576e1a48ce915d9d9423380c8e4c197003baf9d17e6504f0265f3039c Module GUID: 4698C2BD-A903-410E-AD1F-5EEF3A1AE422.https://nvd.nist.gov/vuln/detail/CVE-2022-40261
CVE-2022-40262A potential attacker can execute arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to mitigation bypass, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs), and bypass of memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc Module GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71.https://nvd.nist.gov/vuln/detail/CVE-2022-40262
CVE-2022-41138In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-41138
CVE-2022-30579The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.https://nvd.nist.gov/vuln/detail/CVE-2022-30579
CVE-2020-36602There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.https://nvd.nist.gov/vuln/detail/CVE-2020-36602
CVE-2021-46834 A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include: JAD-AL50 versions 102.0.0.225(C00E220R3P4). https://nvd.nist.gov/vuln/detail/CVE-2021-46834
CVE-2021-46835 There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. https://nvd.nist.gov/vuln/detail/CVE-2021-46835
CVE-2022-33735 There is a password verification vulnerability in WS7200-10 11.0.2.13. Attackers on the LAN may use brute force cracking to obtain passwords, which may cause sensitive system information to be disclosed. https://nvd.nist.gov/vuln/detail/CVE-2022-33735
CVE-2022-37395 A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks. Affected product versions include: CV81-WDM FW versions 01.70.49.29.46. https://nvd.nist.gov/vuln/detail/CVE-2022-37395
CVE-2022-37877 A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-37877
CVE-2022-37878 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-37878
CVE-2022-37879 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-37879
CVE-2022-37880 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-37880
CVE-2022-37881 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-37881
CVE-2022-37882 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-37882
CVE-2022-37883 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-37883
CVE-2022-37884 A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A successful exploitation of this vulnerability results in the unavailability of the guest interface in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-37884
CVE-2022-38931 A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-38931
CVE-2022-39218 The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the `Math.random` and `crypto.getRandomValues` methods fail to use sufficiently random values. The initial value to seed the PRNG (pseudorandom number generator) is baked-in to the final WebAssembly module, making the sequence of random values for that specific WebAssembly module predictable. An attacker can use the fixed seed to predict random numbers generated by these functions and bypass cryptographic security controls, for example to disclose sensitive data encrypted by functions that use these generators. The problem has been patched in version 0.5.3. No known workarounds exist. https://nvd.nist.gov/vuln/detail/CVE-2022-39218
CVE-2022-40008 SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c. https://nvd.nist.gov/vuln/detail/CVE-2022-40008
CVE-2022-40009 SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c. https://nvd.nist.gov/vuln/detail/CVE-2022-40009
CVE-2022-23685 A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can convince an authenticated user of the interface to interact with a specially crafted URL in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-23685
CVE-2022-23692 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-23692
CVE-2022-23693 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-23693
CVE-2022-23694 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-23694
CVE-2022-23695 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-23695
CVE-2022-23696 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-23696
CVE-2022-26696 This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. https://nvd.nist.gov/vuln/detail/CVE-2022-26696
CVE-2022-28637 A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-28637
CVE-2022-28638 An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-28638
CVE-2022-28639 A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities. https://nvd.nist.gov/vuln/detail/CVE-2022-28639
CVE-2022-28640 A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses this security vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2022-28640
CVE-2022-32788 A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. A remote user may be able to cause kernel code execution. https://nvd.nist.gov/vuln/detail/CVE-2022-32788
CVE-2022-32795 This issue was addressed with improved checks. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. Visiting a malicious website may lead to address bar spoofing. https://nvd.nist.gov/vuln/detail/CVE-2022-32795
CVE-2022-32802 A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2022-32802
CVE-2022-32854 This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. https://nvd.nist.gov/vuln/detail/CVE-2022-32854
CVE-2022-32861 A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address. https://nvd.nist.gov/vuln/detail/CVE-2022-32861
CVE-2022-32863 A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2022-32863
CVE-2022-32864 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory. https://nvd.nist.gov/vuln/detail/CVE-2022-32864
CVE-2022-32868 A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions. https://nvd.nist.gov/vuln/detail/CVE-2022-32868
CVE-2022-32872 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen. https://nvd.nist.gov/vuln/detail/CVE-2022-32872
CVE-2022-32880 This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data. https://nvd.nist.gov/vuln/detail/CVE-2022-32880
CVE-2022-32882 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences. https://nvd.nist.gov/vuln/detail/CVE-2022-32882
CVE-2022-32883 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information. https://nvd.nist.gov/vuln/detail/CVE-2022-32883
CVE-2022-32886 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2022-32886
CVE-2022-32908 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges. https://nvd.nist.gov/vuln/detail/CVE-2022-32908
CVE-2022-32911 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges. https://nvd.nist.gov/vuln/detail/CVE-2022-32911
CVE-2022-32912 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. https://nvd.nist.gov/vuln/detail/CVE-2022-32912
CVE-2022-32917 The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. https://nvd.nist.gov/vuln/detail/CVE-2022-32917
CVE-2022-40357 A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter. https://nvd.nist.gov/vuln/detail/CVE-2022-40357
CVE-2022-39220 SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist. https://nvd.nist.gov/vuln/detail/CVE-2022-39220
CVE-2022-35957 Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/ https://nvd.nist.gov/vuln/detail/CVE-2022-35957