Security Bulletin 02 Nov 2022

Published on 02 Nov 2022

Updated on 02 Nov 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Critical vulnerabilities with a base score of 9.0 to 10.0
High vulnerabilities with a base score of 7.0 to 8.9
Medium vulnerabilities with a base score of 4.0 to 6.9
Low vulnerabilities with a base score of 0.1 to 3.9
None vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2021-37705 OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be both version 2.12.0 or greater and deployed with the non-default --multi_tenant_domain option. This can result in read/write access to private data such as software vulnerability and crash information, security testing tools and proprietary code and symbols. Via authorized API calls, this also enables tampering with existing data and unauthorized code execution on Azure compute resources. This issue is resolved starting in release 2.31.0, via the addition of application-level check of the bearer token's `issuer` against an administrator-configured allowlist. As a workaround users can restrict access to the tenant of a deployed OneFuzz instance < 2.31.0 by redeploying in the default configuration, which omits the `--multi_tenant_domain` option. 10 https://nvd.nist.gov/vuln/detail/CVE-2021-37705
CVE-2022-22536 SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-22536
CVE-2022-22947 In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-22947
CVE-2022-33192 Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of the `WL_SSID` and `WL_SSID_HEX` configuration values in the function at offset `0x1c7d28` of firmware 6.9Z. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-33192
CVE-2022-33193 Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability specifically focuses on the unsafe use of the `WL_WPAPSK` configuration value in the function located at offset `0x1c7d28` of firmware 6.9Z. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-33193
CVE-2022-33194 Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `WL_Key` and `WL_DefaultKeyID` configuration values in the function located at offset `0x1c7d28` of firmware 6.9Z , and even more specifically on the command execution occuring at offset `0x1c7f6c`. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-33194
CVE-2022-33195 Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `WL_DefaultKeyID` in the function located at offset `0x1c7d28` of firmware 6.9Z, and even more specifically on the command execution occuring at offset `0x1c7fac`. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-33195
CVE-2022-2992 A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-2992
CVE-2022-43401 A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-43401
CVE-2022-33204 Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `ssid_hex` HTTP parameter to construct an OS Command at offset `0x19afc0` of the `/root/hpgw` binary included in firmware 6.9Z. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-33204
CVE-2022-33205 Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `wpapsk_hex` HTTP parameter to construct an OS Command at offset `0x19b0ac` of the `/root/hpgw` binary included in firmware 6.9Z. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-33205
CVE-2022-33206 Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on the unsafe use of the `key` and `default_key_id` HTTP parameters to construct an OS Command crafted at offset `0x19b1f4` of the `/root/hpgw` binary included in firmware 6.9Z. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-33206
CVE-2022-33207 Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability focuses on a second unsafe use of the `default_key_id` HTTP parameter to construct an OS Command at offset `0x19B234` of the `/root/hpgw` binary included in firmware 6.9Z. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-33207
CVE-2022-39321 GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered in versions prior to 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4 that allows an input to escape the environment variable and modify that docker command invocation directly. Jobs that use container actions, job containers, or service containers alongside untrusted user inputs in environment variables may be vulnerable. The Actions Runner has been patched, both on `github.com` and hotfixes for GHES and GHAE customers in versions 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4. GHES and GHAE customers may want to patch their instance in order to have their runners automatically upgrade to these new runner versions. As a workaround, users may consider removing any container actions, job containers, or service containers from their jobs until they are able to upgrade their runner versions. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2022-39321
CVE-2018-8967 An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-8967
CVE-2018-9309 An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-9309
CVE-2018-16530 A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-16530
CVE-2019-13990 initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-13990
CVE-2019-10746 mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-10746
CVE-2019-16942 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-16942
CVE-2019-16943 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-16943
CVE-2019-17531 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17531
CVE-2019-17545 GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17545
CVE-2019-19948 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19948
CVE-2019-19950 In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19950
CVE-2019-19951 In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19951
CVE-2019-20330 FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-20330
CVE-2019-18641 Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-18641
CVE-2020-8479 For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5. an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8479
CVE-2018-1285 Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-1285
CVE-2020-9296 Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9296
CVE-2020-17368 Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17368
CVE-2020-17496 vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17496
CVE-2020-17463 FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17463
CVE-2020-10283 The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the answer, an attacker may craft packages in a way that hints the autopilot to adopt version 1.0 of MAVLink for the communication. Given the lack of authentication capabilities in such version of MAVLink (refer to CVE-2020-10282), attackers may use this method to bypass authentication capabilities and interact with the autopilot directly. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10283
CVE-2020-7561 A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7561
CVE-2021-3406 A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3406
CVE-2020-22001 HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22001
CVE-2020-21994 AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21994
CVE-2020-20951 In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-20951
CVE-2021-34427 In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34427
CVE-2021-34621 A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. . 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34621
CVE-2020-24133 A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24133
CVE-2021-33592 NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33592
CVE-2021-35964 The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the learning content. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35964
CVE-2021-35965 The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35965
CVE-2020-21937 An command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21937
CVE-2021-24036 Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24036
CVE-2020-19301 A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-19301
CVE-2020-23151 rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-23151
CVE-2020-18698 Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-18698
CVE-2020-18701 Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-18701
CVE-2020-22937 A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22937
CVE-2021-34730 A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34730
CVE-2021-38412 Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38412
CVE-2021-36260 A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36260
CVE-2021-36879 Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36879
CVE-2021-3833 Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3833
CVE-2020-22724 A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22724
CVE-2021-38457 The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38457
CVE-2020-22079 Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22079
CVE-2021-35368 OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35368
CVE-2020-23873 pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-23873
CVE-2020-23874 pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-23874
CVE-2021-43361 Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43361
CVE-2021-43362 Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43362
CVE-2021-36888 Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36888
CVE-2021-37706 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37706
CVE-2021-45707 An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45707
CVE-2022-0318 Heap-based Buffer Overflow in vim/vim prior to 8.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0318
CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23852
CVE-2021-3657 A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3657
CVE-2022-23608 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23608
CVE-2022-24754 PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24754
CVE-2022-23943 Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23943
CVE-2020-15591 fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15591
CVE-2022-1040 An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1040
CVE-2022-25521 NUUO v03.11.00 was discovered to contain access control issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25521
CVE-2022-28219 Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28219
CVE-2022-24786 PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24786
CVE-2021-3652 A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3652
CVE-2021-3849 An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3849
CVE-2022-24883 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24883
CVE-2022-28452 Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28452
CVE-2022-30767 nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30767
CVE-2022-29021 A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29021
CVE-2022-29022 A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29022
CVE-2022-29023 A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29023
CVE-2022-1014 The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1014
CVE-2022-29599 In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29599
CVE-2022-31003 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31003
CVE-2022-31031 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31031
CVE-2022-2042 Use After Free in GitHub repository vim/vim prior to 8.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2042
CVE-2021-37404 There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37404
CVE-2022-27668 Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27668
CVE-2022-24562 In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24562
CVE-2021-38945 IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38945
CVE-2022-30885 The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30885
CVE-2022-32295 On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32295
CVE-2022-2274 The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2274
CVE-2022-34265 An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34265
CVE-2022-33980 Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33980
CVE-2022-32207 When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32207
CVE-2017-20135 A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-20135
CVE-2022-2143 The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2143
CVE-2022-34115 DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34115
CVE-2022-36450 Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36450
CVE-2020-7677 This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7677
CVE-2022-2564 Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2564
CVE-2022-35223 EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system command or interrupt service. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35223
CVE-2022-32964 OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32964
CVE-2022-32965 OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32965
CVE-2022-25168 Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25168
CVE-2022-37434 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37434
CVE-2022-37452 Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37452
CVE-2022-37042 Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37042
CVE-2022-37061 All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the root privileges. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37061
CVE-2022-38667 HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38667
CVE-2022-31814 pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31814
CVE-2022-40674 libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40674
CVE-2022-35914 /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35914
CVE-2022-28811 In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28811
CVE-2020-15331 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15331
CVE-2020-15332 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15332
CVE-2020-15347 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15347
CVE-2022-39237 syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39237
CVE-2022-39244 PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39244
CVE-2022-37616 A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37616
CVE-2022-37601 Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37601
CVE-2022-42968 Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42968
CVE-2022-37454 The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37454
CVE-2022-3649 A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3649
CVE-2022-27804 An os command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27804
CVE-2022-27805 An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27805
CVE-2022-29472 An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29472
CVE-2022-29477 An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29477
CVE-2022-29520 An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29520
CVE-2022-29851 documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29851
CVE-2022-29889 A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. Use of a hard-coded root password can lead to arbitrary command execution. An attacker can authenticate with hard-coded credentials to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29889
CVE-2022-30541 An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30541
CVE-2022-32454 A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32454
CVE-2022-32765 An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32765
CVE-2022-32773 An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32773
CVE-2022-33150 An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33150
CVE-2022-33189 An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33189
CVE-2022-33938 A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33938
CVE-2022-35244 A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35244
CVE-2022-35874 Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `ssid` and `ssid_hex` configuration parameters, as used within the `testWifiAP` XCMD handler 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35874
CVE-2022-35875 Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `wpapsk` configuration parameter, as used within the `testWifiAP` XCMD handler 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35875
CVE-2022-35876 Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35876
CVE-2022-35877 Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` configuration parameter, as used within the `testWifiAP` XCMD handler 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35877
CVE-2022-38580 Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38580
CVE-2022-39312 Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`, the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC url and connects to a malicious mysql server, the attacker can trigger the mysql jdbc deserialization vulnerability. Through the deserialization vulnerability, the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39312
CVE-2022-39322 @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control - if configured - are vulnerable to their field-level access control not being used. List-level access control is not affected. Field-level access control for fields other than `multiselect` are not affected. Version 2.3.1 contains a fix for this issue. As a workaround, stop using the `multiselect` field. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39322
CVE-2022-39327 Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39327
CVE-2022-39341 OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39341
CVE-2022-39342 OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct relationship (e.g. ‘as self’) are vulnerable. Version 0.2.4 contains a patch for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39342
CVE-2022-3393 The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3393
CVE-2022-36452 A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36452
CVE-2022-41711 Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41711
CVE-2022-43747 baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43747
CVE-2022-29822 Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29822
CVE-2022-29823 Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29823
CVE-2022-2421 Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2421
CVE-2022-2422 Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2422
CVE-2022-39357 Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39357
CVE-2022-42468 Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42468
CVE-2022-3671 A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3671
CVE-2022-3674 A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3674
CVE-2022-43774 The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43774
CVE-2022-43775 The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43775
CVE-2022-42998 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42998
CVE-2022-43000 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43000
CVE-2022-43001 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43001
CVE-2022-43002 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43002
CVE-2022-43003 D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43003
CVE-2022-39355 Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the patreon integration and log out all users with associated Patreon accounts. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39355
CVE-2022-3363 Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3363
CVE-2022-3714 A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Affected is an unknown function of the file admin/?page=orders/view_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-212346 is the identifier assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3714
CVE-2022-3717 A vulnerability, which was classified as critical, has been found in Exiv2. Affected by this issue is the function BmffImage::boxHandler of the file bmffimage.cpp. The manipulation leads to memory corruption. The attack may be launched remotely. The name of the patch is a58e52ed702d3bc7b8bab7ec1d70a4849eebece3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212348. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3717
CVE-2022-3719 A vulnerability has been found in Exiv2 and classified as critical. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended to apply a patch to fix this issue. VDB-212350 is the identifier assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3719
CVE-2022-39365 Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\\Layout\\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39365
CVE-2022-3095 The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3095
CVE-2022-43367 IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43367
CVE-2022-39976 School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39976
CVE-2022-3385 Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3385
CVE-2022-3386 Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3386
CVE-2022-40876 In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40876
CVE-2022-33859 A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33859
CVE-2022-37913 Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37913
CVE-2022-37914 Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37914
CVE-2022-37915 A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197, Orchestrators upgraded to 9.1.x were not affected. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37915
CVE-2022-3729 A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3729
CVE-2022-3730 A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file /api/v1/attack/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212412. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3730
CVE-2022-3731 A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/attack/token. The manipulation of the argument Payload leads to sql injection. The attack can be launched remotely. The identifier VDB-212413 was assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3731
CVE-2022-3732 A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file /api/v1/bait/set. The manipulation of the argument Payload leads to sql injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3732
CVE-2022-3734 A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212416. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3734
CVE-2022-3735 A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3735
CVE-2022-3320 It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3320
CVE-2022-3741 Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; however, it is possible to identify the output Status Code to separate accounts that are generated and waiting for email verification. \\n\\nFor the sign in directories, it is possible to brute force login attempts to either login portal, which could lead to account compromise. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3741
CVE-2021-37782 Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-37782
CVE-2021-38734 SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38734
CVE-2021-38736 SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38736
CVE-2021-38737 SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38737
CVE-2021-38217 SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38217
CVE-2021-38729 SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38729
CVE-2021-38730 SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38730
CVE-2021-38731 SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38731
CVE-2021-38732 SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38732
CVE-2021-38733 SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38733
CVE-2022-39366 DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39366
CVE-2022-43168 Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43168
CVE-2022-43286 Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43286
CVE-2022-2826 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2826
CVE-2022-3754 Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3754
CVE-2021-42777 Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42777
CVE-2022-42915 curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42915
CVE-2022-40741 Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40741
CVE-2022-37623 Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37623
CVE-2020-21016 D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21016
CVE-2022-3771 A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3771
CVE-2021-40241 xfig 3.2.7 is vulnerable to Buffer Overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40241
CVE-2022-3254 The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3254
CVE-2022-40471 Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40471
CVE-2022-44542 lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44542
CVE-2022-2572 In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2572
CVE-2020-6469 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2020-6469
CVE-2021-36779 A Improper Access Control vulnerability inf SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-36779
CVE-2022-0973 Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2022-0973
CVE-2022-0977 Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2022-0977
CVE-2022-1853 Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2022-1853
CVE-2022-3075 Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2022-3075
CVE-2022-28763 The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2022-28763
CVE-2022-22524 In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services . 9.4 https://nvd.nist.gov/vuln/detail/CVE-2022-22524
CVE-2022-2010 Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 9.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2010
CVE-2019-19949 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2019-19949
CVE-2019-19953 In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2019-19953
CVE-2020-11015 A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-11015
CVE-2021-32654 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32654
CVE-2021-31838 A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-31838
CVE-2020-19038 File Deletion vulnerability in Halo 0.4.3 via delBackup. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-19038
CVE-2020-26705 The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-26705
CVE-2021-43845 PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43845
CVE-2021-3850 Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3850
CVE-2022-21722 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21722
CVE-2022-21723 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21723
CVE-2021-40053 There is a permission control vulnerability in the Nearby module.Successful exploitation of this vulnerability will affect availability and integrity. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40053
CVE-2022-1586 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1586
CVE-2022-1587 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1587
CVE-2021-33473 An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33473
CVE-2022-1996 Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1996
CVE-2022-32215 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-32215
CVE-2022-39269 PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39269
CVE-2022-27623 Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27623
CVE-2022-33897 A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-33897
CVE-2022-2782 In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2782
CVE-2022-31678 VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31678
CVE-2022-3774 A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3774
CVE-2022-32177 In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover. 9 https://nvd.nist.gov/vuln/detail/CVE-2022-32177
CVE-2022-32176 In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover. 9 https://nvd.nist.gov/vuln/detail/CVE-2022-32176

OTHER VULNERABILITIES
CVE Number Description Base Score Reference
CVE-2017-16544 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-16544
CVE-2019-0542 A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-0542
CVE-2018-14550 An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-14550
CVE-2018-21010 OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-21010
CVE-2020-14005 Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14005
CVE-2020-14374 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14374
CVE-2020-26217 XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-26217
CVE-2021-28664 The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28664
CVE-2021-3528 A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3528
CVE-2021-33477 rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33477
CVE-2020-10065 Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10065
CVE-2020-22034 A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22034
CVE-2021-23169 A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-23169
CVE-2021-34622 A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. . 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34622
CVE-2021-32679 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. Administrators of Nextcloud instances do not have a workaround available, but developers of Nextcloud apps may manually escape the file name before passing it into `DownloadResponse`. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32679
CVE-2021-32688 Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any filesystem access. Due to a lacking permission check, the tokens were able to change their own permissions in versions prior to 19.0.13, 20.0.11, and 21.0.3. Thus fileystem limited tokens were able to grant themselves access to the filesystem. The issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds aside from upgrading. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32688
CVE-2021-30560 Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30560
CVE-2020-18875 Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-18875
CVE-2020-22120 A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-22120
CVE-2021-35213 An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35213
CVE-2021-34435 In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file.. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34435
CVE-2021-21897 A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21897
CVE-2020-19155 Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-19155
CVE-2021-39537 An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39537
CVE-2021-3626 The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3626
CVE-2021-32765 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32765
CVE-2021-41159 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41159
CVE-2021-41160 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41160
CVE-2021-34864 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the WinAppHelper component. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13543. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34864
CVE-2021-28710 certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require the use of just 3 page table levels. In such a configuration the lop level table needs to be stripped before inserting the root table's address into the hardware pagetable base register. When sharing page tables, Xen erroneously skipped this stripping. Consequently, the guest is able to write to leaf page table entries. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28710
CVE-2021-27855 FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27855
CVE-2021-44648 GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44648
CVE-2021-34865 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34865
CVE-2022-25175 Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25175
CVE-2022-25192 A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25192
CVE-2022-23642 Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23642
CVE-2022-0729 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0729
CVE-2022-0507 Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0507
CVE-2021-3748 A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3748
CVE-2022-1049 A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1049
CVE-2021-36775 a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36775
CVE-2021-36776 A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36776
CVE-2022-0789 Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0789
CVE-2022-0793 Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0793
CVE-2022-0794 Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0794
CVE-2022-0795 Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0795
CVE-2022-0796 Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0796
CVE-2022-0797 Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0797
CVE-2022-0798 Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0798
CVE-2022-0799 Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0799
CVE-2022-25989 An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25989
CVE-2022-29221 Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29221
CVE-2021-33036 In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33036
CVE-2022-31626 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31626
CVE-2022-30670 RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30670
CVE-2022-2185 A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2185
CVE-2022-30550 An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30550
CVE-2022-33891 The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33891
CVE-2022-0971 Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0971
CVE-2022-0972 Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0972
CVE-2022-0974 Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0974
CVE-2022-0975 Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0975
CVE-2022-0976 Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0976
CVE-2022-0978 Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0978
CVE-2022-0979 Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0979
CVE-2022-0980 Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0980
CVE-2022-1096 Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1096
CVE-2022-1125 Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1125
CVE-2022-1127 Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1127
CVE-2022-26307 LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26307
CVE-2022-33745 insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33745
CVE-2022-1496 Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1496
CVE-2022-1633 Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1633
CVE-2022-1634 Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1634
CVE-2022-1635 Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1635
CVE-2022-1636 Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1636
CVE-2022-1639 Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1639
CVE-2022-1640 Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1640
CVE-2022-1641 Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1641
CVE-2022-1854 Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1854
CVE-2022-1855 Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1855
CVE-2022-1856 Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1856
CVE-2022-1857 Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1857
CVE-2022-1859 Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1859
CVE-2022-1860 Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1860
CVE-2022-1861 Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1861
CVE-2022-1863 Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1863
CVE-2022-1864 Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1864
CVE-2022-1865 Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1865
CVE-2022-1866 Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1866
CVE-2022-1870 Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1870
CVE-2022-1874 Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1874
CVE-2022-1876 Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1876
CVE-2022-2007 Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2007
CVE-2022-2008 Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2008
CVE-2022-2011 Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2011
CVE-2022-2156 Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2156
CVE-2022-2157 Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2157
CVE-2022-2158 Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2158
CVE-2022-2161 Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2161
CVE-2022-2163 Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2163
CVE-2022-2294 Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2294
CVE-2022-2295 Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2295
CVE-2022-2296 Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2296
CVE-2022-36359 An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36359
CVE-2022-2603 Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2603
CVE-2022-2604 Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2604
CVE-2022-2606 Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2606
CVE-2022-2607 Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2607
CVE-2022-2608 Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2608
CVE-2022-2609 Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2609
CVE-2022-2613 Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2613
CVE-2022-2614 Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2614
CVE-2022-2617 Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2617
CVE-2022-2620 Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2620
CVE-2022-2621 Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2621
CVE-2022-2623 Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2623
CVE-2022-2624 Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2624
CVE-2022-2818 Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2818
CVE-2022-32893 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32893
CVE-2022-40320 cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40320
CVE-2022-32886 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32886
CVE-2022-32912 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32912
CVE-2022-2852 Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2852
CVE-2022-2853 Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2853
CVE-2022-2854 Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2854
CVE-2022-2855 Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2855
CVE-2022-2857 Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2857
CVE-2022-2858 Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2858
CVE-2022-2859 Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2859
CVE-2022-3038 Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3038
CVE-2022-3039 Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3039
CVE-2022-3040 Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3040
CVE-2022-3041 Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3041
CVE-2022-3042 Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3042
CVE-2022-3043 Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3043
CVE-2022-3045 Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3045
CVE-2022-3046 Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3046
CVE-2022-3049 Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3049
CVE-2022-3050 Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3050
CVE-2022-3051 Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3051
CVE-2022-3052 Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3052
CVE-2022-3055 Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3055
CVE-2022-3058 Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3058
CVE-2022-3071 Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3071
CVE-2022-3195 Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3195
CVE-2022-3196 Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3196
CVE-2022-3197 Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3197
CVE-2022-3198 Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3198
CVE-2022-3199 Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3199
CVE-2022-3200 Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3200
CVE-2022-32166 In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32166
CVE-2022-40469 iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40469
CVE-2022-42719 A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42719
CVE-2022-39260 Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39260
CVE-2022-30603 An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30603
CVE-2022-32586 An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32586
CVE-2022-32775 An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32775
CVE-2022-35132 Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35132
CVE-2022-35878 Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `ST` and `Location` HTTP response headers, as used within the `DoEnumUPnPService` action handler. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35878
CVE-2022-35879 Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `controlURL` XML tag, as used within the `DoUpdateUPnPbyService` action handler. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35879
CVE-2022-35880 Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `NewInternalClient` XML tag, as used within the `DoUpdateUPnPbyService` action handler. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35880
CVE-2022-35881 Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicious UPnP service to trigger these vulnerabilities.This vulnerability arises from format string injection via `errorCode` and `errorDescription` XML tags, as used within the `DoUpdateUPnPbyService` action handler. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35881
CVE-2022-35884 Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `ssid_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35884
CVE-2022-35885 Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `wpapsk_hex` HTTP parameter, as used within the `/action/wirelessConnect` handler. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35885
CVE-2022-35886 Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` HTTP parameters, as used within the `/action/wirelessConnect` handler. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35886
CVE-2022-35887 Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` HTTP parameter, as used within the `/action/wirelessConnect` handler. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35887
CVE-2022-39326 kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the `run-terraform` reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the context of the workflow. Users should upgrade to at least version 2.7.5 to resolve the issue. As a workaround, review any pull requests from external users for malicious payloads before allowing them to trigger a build. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39326
CVE-2022-3246 The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3246
CVE-2022-3395 The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with the Administrator role can perform exports, but this can be delegated to lower privileged users as well. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3395
CVE-2022-36451 A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36451
CVE-2022-36453 A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36453
CVE-2022-38181 An Arm product family through 2022-08-12 mail GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38181
CVE-2022-28169 Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin, and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28169
CVE-2022-33179 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33179
CVE-2022-33183 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33183
CVE-2022-43749 Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43749
CVE-2022-39944 In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.2.0 will be affected, We recommend users to update to 1.3.0. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39944
CVE-2022-40238 A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40238
CVE-2022-37202 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37202
CVE-2022-39361 Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 (Sample Database) could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer allows DDL statements in H2 native queries. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39361
CVE-2022-39362 Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer automatically executes ad-hoc native queries. Now the native editor shows the query and gives the user the option to manually run the query if they want. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39362
CVE-2022-39286 Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39286
CVE-2022-41996 Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41996
CVE-2022-0073 Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0073
CVE-2022-0074 Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0074
CVE-2022-43340 A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43340
CVE-2022-40967 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40967
CVE-2022-41133 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41133
CVE-2022-41773 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41773
CVE-2022-3733 A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212415. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3733
CVE-2022-3512 Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3512
CVE-2021-35387 Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35387
CVE-2022-2864 The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2864
CVE-2022-3756 A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3756
CVE-2022-3757 A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3757
CVE-2022-44019 In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-44019
CVE-2022-3770 A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3770
CVE-2022-3772 A vulnerability, which was classified as problematic, was found in easyii CMS. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. VDB-212502 is the identifier assigned to this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3772
CVE-2022-3357 The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on the site. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3357
CVE-2022-41681 There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41681
CVE-2022-42923 Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete' function in order to dump the entire database or delete all contents from the 'core_user_file' table. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42923
CVE-2022-42925 There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42925
CVE-2022-39016 Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-39016
CVE-2022-3370 Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3370
CVE-2022-3373 Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chrome security severity: High) 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3373
CVE-2020-3407 A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-3407
CVE-2020-3408 A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-3408
CVE-2020-3499 A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected system. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. A successful exploit could allow the attacker to cause the affected system to become unresponsive, resulting in a DoS condition and preventing the management of dependent devices. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-3499
CVE-2021-25220 BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-25220
CVE-2022-30034 Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2022-30034
CVE-2022-20933 A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2022-20933
CVE-2021-38486 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38486
CVE-2022-3337 It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. 8.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3337
CVE-2020-2803 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). 8.3 https://nvd.nist.gov/vuln/detail/CVE-2020-2803
CVE-2020-2805 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). 8.3 https://nvd.nist.gov/vuln/detail/CVE-2020-2805
CVE-2020-14583 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). 8.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14583
CVE-2022-24475 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24475
CVE-2022-26891 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26891
CVE-2022-26894 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26894
CVE-2022-26895 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26895
CVE-2022-26900 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26900
CVE-2022-26908 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26908
CVE-2022-26909 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26909
CVE-2022-26912 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26912
CVE-2022-30127 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30127
CVE-2022-30128 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30128
CVE-2022-30192 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30192
CVE-2022-33638 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-33638
CVE-2022-41035 Microsoft Edge (Chromium-based) Spoofing Vulnerability. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-41035
CVE-2021-38461 The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-38461
CVE-2022-29181 Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-29181
CVE-2022-21571 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.36. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21571
CVE-2022-1012 A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-1012
CVE-2022-32245 SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the application by an automated attack. Thus, completely compromising confidentiality but causing a limited impact on the availability of the application. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-32245
CVE-2022-2881 The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-2881
CVE-2022-3321 It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3321
CVE-2019-17498 In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2019-17498
CVE-2020-2604 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-2604
CVE-2020-13299 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-13299
CVE-2020-9048 A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-9048
CVE-2021-35221 Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-35221
CVE-2021-38463 The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-38463
CVE-2021-41177 Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41177
CVE-2021-36909 Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36909
CVE-2021-36780 A Improper Access Control vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36780
CVE-2021-45710 An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45710
CVE-2022-22576 An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22576
CVE-2022-1965 Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1965
CVE-2022-31084 LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31084
CVE-2022-2469 GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2469
CVE-2022-31163 TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z`. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31163
CVE-2022-41674 An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-41674
CVE-2022-29475 An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29475
CVE-2022-38196 Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38196
CVE-2022-20822 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-20822
CVE-2022-3360 The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3360
CVE-2022-30287 Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-30287
CVE-2022-21225 Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-21225
CVE-2020-0683 An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-0683
CVE-2019-16011 A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-16011
CVE-2020-3403 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-3403
CVE-2021-21063 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21063
CVE-2021-21071 Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21071
CVE-2021-3462 A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3462
CVE-2021-3493 The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3493
CVE-2021-3496 A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3496
CVE-2020-21827 A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-21827
CVE-2021-25321 A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25321
CVE-2021-34326 A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34326
CVE-2021-28701 Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28701
CVE-2021-3778 vim is vulnerable to Heap-based Buffer Overflow 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3778
CVE-2021-31359 A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31359
CVE-2021-34755 Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-34755
CVE-2021-3787 A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3787
CVE-2021-43019 Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM . An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43019
CVE-2021-35033 A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35033
CVE-2021-43518 Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43518
CVE-2021-0981 In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-191981182 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0981
CVE-2022-0261 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0261
CVE-2021-36339 The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36339
CVE-2021-45844 Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45844
CVE-2021-45845 The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45845
CVE-2022-0351 Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0351
CVE-2021-40167 A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40167
CVE-2022-0359 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0359
CVE-2022-0361 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0361
CVE-2022-0368 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0368
CVE-2022-0392 Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0392
CVE-2022-22528 SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22528
CVE-2022-0554 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0554
CVE-2022-0572 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0572
CVE-2022-0629 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0629
CVE-2022-0685 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0685
CVE-2022-24396 The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24396
CVE-2022-26981 Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26981
CVE-2022-20001 fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20001
CVE-2022-0943 Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0943
CVE-2022-25486 CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25486
CVE-2021-28277 A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 and 3.05 is affected by: Buffer Overflow via the RemoveUnknownSections function in jpgfile.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28277
CVE-2021-28278 A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-28278
CVE-2022-27940 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27940
CVE-2022-27941 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27941
CVE-2022-27942 tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27942
CVE-2022-27416 Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27416
CVE-2022-27418 Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27418
CVE-2022-1381 global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1381
CVE-2022-27525 A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27525
CVE-2022-27527 A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27527
CVE-2021-38427 RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38427
CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1616
CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1619
CVE-2022-1621 Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1621
CVE-2022-1629 Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1629
CVE-2022-28838 Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28838
CVE-2021-0190 Uncaught exception in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0190
CVE-2021-33122 Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33122
CVE-2021-33123 Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33123
CVE-2022-1679 A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1679
CVE-2022-1733 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1733
CVE-2022-1769 Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1769
CVE-2022-1735 Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1735
CVE-2022-1851 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1851
CVE-2022-1882 A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1882
CVE-2022-26744 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26744
CVE-2022-26768 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26768
CVE-2022-1898 Use After Free in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1898
CVE-2022-1897 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1897
CVE-2022-1927 Buffer Over-read in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1927
CVE-2022-1942 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1942
CVE-2022-1652 Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1652
CVE-2022-1786 A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1786
CVE-2022-1968 Use After Free in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1968
CVE-2022-2000 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2000
CVE-2022-31214 A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31214
CVE-2022-30166 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30166
CVE-2022-2124 Buffer Over-read in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2124
CVE-2022-2125 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2125
CVE-2022-2126 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2126
CVE-2022-1720 Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1720
CVE-2022-34918 An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34918
CVE-2022-2344 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2344
CVE-2022-34465 A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15420) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34465
CVE-2022-29187 Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29187
CVE-2022-22031 Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22031
CVE-2022-1922 DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1922
CVE-2022-1923 DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1923
CVE-2022-1924 DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1924
CVE-2022-1925 DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1925
CVE-2021-46829 GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46829
CVE-2017-20144 A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1.7.5.0 and classified as critical. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-20144
CVE-2022-2522 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2522
CVE-2022-36833 Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36833
CVE-2022-36840 DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36840
CVE-2022-2819 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2819
CVE-2022-34711 Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34705, CVE-2022-35771. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34711
CVE-2022-31262 An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31262
CVE-2021-33060 Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33060
CVE-2022-37047 The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37047
CVE-2022-37048 The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37048
CVE-2022-37049 The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37049
CVE-2022-38171 Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38171
CVE-2022-31676 VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31676
CVE-2021-4037 A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4037
CVE-2022-32894 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32894
CVE-2021-35938 A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35938
CVE-2021-35939 It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35939
CVE-2022-38784 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38784
CVE-2022-24106 In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24106
CVE-2022-24107 Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24107
CVE-2022-2319 A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2319
CVE-2022-2320 A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2320
CVE-2022-37956 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37957, CVE-2022-37964. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37956
CVE-2022-3176 There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3176
CVE-2022-3234 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3234
CVE-2022-3235 Use After Free in GitHub repository vim/vim prior to 9.0.0490. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3235
CVE-2022-32908 A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. A user may be able to elevate privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32908
CVE-2022-32911 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32911
CVE-2022-32917 The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-32917
CVE-2022-3256 Use After Free in GitHub repository vim/vim prior to 9.0.0530. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3256
CVE-2022-41322 In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41322
CVE-2022-3296 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3296
CVE-2022-3297 Use After Free in GitHub repository vim/vim prior to 9.0.0579. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3297
CVE-2022-3324 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3324
CVE-2022-3352 Use After Free in GitHub repository vim/vim prior to 9.0.0614. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3352
CVE-2022-41032 NuGet Client Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41032
CVE-2022-20421 In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20421
CVE-2022-42720 Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42720
CVE-2022-41751 Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41751
CVE-2022-41741 NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41741
CVE-2022-3625 A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3625
CVE-2022-38435 Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38435
CVE-2022-38436 Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-38436
CVE-2022-33182 A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33182
CVE-2022-33184 A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33184
CVE-2022-33185 Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33185
CVE-2022-43750 drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43750
CVE-2022-31256 A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31256
CVE-2022-3662 A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3662
CVE-2022-3664 A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4_BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212004. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3664
CVE-2022-3665 A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3665
CVE-2022-3666 A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3666
CVE-2022-3670 A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3670
CVE-2022-3378 Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3378
CVE-2022-3379 Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3379
CVE-2022-43281 wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43281
CVE-2022-41973 multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41973
CVE-2022-41974 multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-41974
CVE-2021-38392 A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world. 7.6 https://nvd.nist.gov/vuln/detail/CVE-2021-38392
CVE-2021-28702 PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption. 7.6 https://nvd.nist.gov/vuln/detail/CVE-2021-28702
CVE-2017-8516 Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability". 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-8516
CVE-2017-9946 A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-9946
CVE-2018-8965 An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-8965
CVE-2018-8966 An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-8966
CVE-2018-8968 An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-8968
CVE-2018-8969 An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-8969
CVE-2018-9331 An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-9331
CVE-2019-5747 An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5747
CVE-2019-0210 In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-0210
CVE-2019-5815 Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5815
CVE-2020-8475 For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8475
CVE-2020-8476 For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8476
CVE-2020-12100 In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12100
CVE-2020-25708 A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25708
CVE-2020-35896 An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35896
CVE-2021-20990 In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20990
CVE-2021-2310 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-2310
CVE-2021-30638 Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30638
CVE-2020-21996 AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21996
CVE-2021-29509 Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29509
CVE-2021-33587 The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33587
CVE-2021-33560 Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33560
CVE-2021-27597 SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27597
CVE-2021-27606 SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27606
CVE-2021-27607 SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27607
CVE-2021-27628 SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27628
CVE-2021-27629 SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27629
CVE-2021-27630 SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27630
CVE-2021-27631 SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27631
CVE-2021-27632 SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27632
CVE-2021-27633 SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27633
CVE-2020-24939 Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24939
CVE-2021-30639 A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30639
CVE-2021-32705 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32705
CVE-2021-33900 While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33900
CVE-2021-36386 report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36386
CVE-2021-3673 A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3673
CVE-2020-23148 The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23148
CVE-2020-23332 A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23332
CVE-2021-34798 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34798
CVE-2020-23469 gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23469
CVE-2020-23478 Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23478
CVE-2021-41099 Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41099
CVE-2021-41524 While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41524
CVE-2021-41773 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41773
CVE-2021-42260 TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42260
CVE-2021-42340 The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42340
CVE-2021-37624 FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing. By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the `auth-messages` parameter to `true`, it is not the default setting. Abuse of this security issue allows attackers to send SIP MESSAGE messages to any SIP user agent that is registered with the server without requiring authentication. Additionally, since no authentication is required, chat messages can be spoofed to appear to come from trusted entities. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. This issue is patched in version 1.10.7. Maintainers recommend that this SIP message type is authenticated by default so that FreeSWITCH administrators do not need to be explicitly set the `auth-messages` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37624
CVE-2020-28702 A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28702
CVE-2021-34741 A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34741
CVE-2021-39920 NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39920
CVE-2021-39928 NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39928
CVE-2021-39921 NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39921
CVE-2021-39922 Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39922
CVE-2021-39924 Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39924
CVE-2021-39925 Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39925
CVE-2021-39926 Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39926
CVE-2021-39929 Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39929
CVE-2021-36917 WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36917
CVE-2021-43786 Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as possible. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43786
CVE-2021-45450 In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45450
CVE-2021-45451 In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45451
CVE-2021-36723 Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-36723
CVE-2021-3845 ws-scrcpy is vulnerable to External Control of File Name or Path 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3845
CVE-2021-41141 PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41141
CVE-2022-23990 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23990
CVE-2022-22533 Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22533
CVE-2022-21698 client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21698
CVE-2022-23308 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23308
CVE-2022-0725 A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0725
CVE-2022-22547 Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used exploit future open-source security exploits. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22547
CVE-2021-45848 Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45848
CVE-2022-26353 A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26353
CVE-2022-27191 The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27191
CVE-2022-24764 PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24764
CVE-2021-28276 A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28276
CVE-2018-25032 zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-25032
CVE-2022-24763 PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24763
CVE-2022-24793 PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24793
CVE-2022-24070 Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24070
CVE-2022-28366 Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28366
CVE-2022-24792 PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24792
CVE-2022-24882 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24882
CVE-2021-34589 In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34589
CVE-2022-29970 Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29970
CVE-2021-25002 The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25002
CVE-2022-28487 Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28487
CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1620
CVE-2022-30333 RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30333
CVE-2022-28739 There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28739
CVE-2022-29885 The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29885
CVE-2021-33013 mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33013
CVE-2022-30049 A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30049
CVE-2022-30781 Gitea before 1.16.7 does not escape git fetch remote. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30781
CVE-2022-28948 An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28948
CVE-2022-21500 Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. <br> <br>Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21500
CVE-2022-1678 An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1678
CVE-2022-31002 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31002
CVE-2022-31001 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31001
CVE-2022-29244 npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29244
CVE-2022-22390 IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22390
CVE-2022-26477 The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a "low-priority but useful improvement". SystemDS is a distributed system and needs to serialize/deserialize data but in many code paths (e.g., on Spark broadcast/shuffle or writing to sequence files) the byte stream is anyway protected by additional CRC fingerprints. In this particular case though, the number of decoders is upper-bounded by twice the number of columns, which means an attacker would need to modify two entries in the byte stream in a consistent manner. By adding these checks robustness was strictly improved with almost zero overhead. These code changes are available in versions higher than 2.2.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26477
CVE-2022-32082 MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32082
CVE-2022-32084 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32084
CVE-2022-32085 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32085
CVE-2022-32087 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32087
CVE-2022-32088 MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32088
CVE-2022-32089 MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32089
CVE-2022-2309 NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2309
CVE-2022-31129 moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31129
CVE-2020-29505 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-29505
CVE-2022-31107 Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31107
CVE-2022-30634 Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30634
CVE-2021-46828 In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46828
CVE-2022-26306 LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26306
CVE-2022-24992 A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24992
CVE-2022-36946 nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36946
CVE-2022-35922 Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When `Vec::with_capacity` fails to allocate, the default Rust allocator will abort the current process, killing all threads. This affects only sync (non-Tokio) implementation. Async version also does not limit memory, but does not use `with_capacity`, so DoS can happen only when bytes for oversized dataframe or message actually got delivered by the attacker. The crashes are fixed in version 0.26.5 by imposing default dataframe size limits. Affected users are advised to update to this version. Users unable to upgrade are advised to filter websocket traffic externally or to only accept trusted traffic. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35922
CVE-2022-35737 SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35737
CVE-2022-32963 OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32963
CVE-2022-35216 OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35216
CVE-2022-34701 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34701
CVE-2021-37150 Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37150
CVE-2022-25763 Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25763
CVE-2022-28129 Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28129
CVE-2022-31778 Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31778
CVE-2022-31779 Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31779
CVE-2022-31780 Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31780
CVE-2022-36324 Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36324
CVE-2021-40040 Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40040
CVE-2022-28131 In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before 1.18.4, stack exhaustion and a panic can occur via a deeply nested XML document. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28131
CVE-2022-30630 Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30630
CVE-2022-30635 Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30635
CVE-2022-32189 A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32189
CVE-2022-37006 Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37006
CVE-2022-37060 FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37060
CVE-2022-37062 All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37062
CVE-2021-20304 A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20304
CVE-2021-3800 A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3800
CVE-2022-27664 In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27664
CVE-2022-37797 In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37797
CVE-2022-38013 .NET Core and Visual Studio Denial of Service Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38013
CVE-2022-2795 By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2795
CVE-2022-2906 An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2906
CVE-2022-38177 By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38177
CVE-2022-38178 By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38178
CVE-2022-3080 By sending specific queries to the resolver, an attacker can cause named to crash. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3080
CVE-2022-40188 Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40188
CVE-2022-28813 In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28813
CVE-2022-39249 Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39249
CVE-2022-39251 Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39251
CVE-2022-39173 In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39173
CVE-2012-2201 IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2012-2201
CVE-2020-15327 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15327
CVE-2020-15340 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15340
CVE-2020-15341 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15341
CVE-2022-39250 Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device ID matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39250
CVE-2022-20848 A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20848
CVE-2022-20856 A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20856
CVE-2022-20919 A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20919
CVE-2022-42003 In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42003
CVE-2022-42004 In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42004
CVE-2022-41556 A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41556
CVE-2022-2928 In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2928
CVE-2022-3358 OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3358
CVE-2022-39802 SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39802
CVE-2022-39282 FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39282
CVE-2022-39283 FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39283
CVE-2022-38419 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38419
CVE-2022-3559 A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3559
CVE-2022-42227 jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42227
CVE-2022-3621 A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3621
CVE-2022-43680 In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43680
CVE-2022-32760 A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An attacker can send a malicious XML payload to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32760
CVE-2022-35261 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_authorized_keys/` API is affected by command injection vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35261
CVE-2022-35262 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_xml_file/` API is affected by command injection vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35262
CVE-2022-35263 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_file/` API is affected by command injection vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35263
CVE-2022-35264 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_aaa_cert_file/` API is affected by command injection vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35264
CVE-2022-35265 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_nodejs_app/` API is affected by command injection vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35265
CVE-2022-35266 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_firmware/` API is affected by command injection vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35266
CVE-2022-35267 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_https_cert_file/` API is affected by command injection vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35267
CVE-2022-35268 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_sdk_file/` API is affected by command injection vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35268
CVE-2022-35269 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_e2c_json_file/` API is affected by command injection vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35269
CVE-2022-35270 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_wireguard_cert_file/` API is affected by command injection vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35270
CVE-2022-35271 A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_cert_file/` API is affected by command injection vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35271
CVE-2022-38870 Free5gc v3.2.1 is vulnerable to Information disclosure. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38870
CVE-2022-39345 Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39345
CVE-2022-41704 A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41704
CVE-2022-42890 A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42890
CVE-2022-39354 SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect -- it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually uses `is_static`. For those affected, the issue can lead to possible incorrect state transitions. Version 0.36.0 contains a patch. There are no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39354
CVE-2022-43748 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43748
CVE-2022-43766 Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43766
CVE-2022-3667 A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3667
CVE-2022-42999 D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42999
CVE-2022-3705 A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3705
CVE-2021-45475 Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45475
CVE-2022-25918 The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25918
CVE-2022-2809 A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple times in a loop to cause DoS. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2809
CVE-2022-3409 A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple times in a loop to cause DoS. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3409
CVE-2022-38744 An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38744
CVE-2022-3725 Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3725
CVE-2022-40874 Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40874
CVE-2022-40875 Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40875
CVE-2022-43364 An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43364
CVE-2022-43365 IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43365
CVE-2022-43366 IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43366
CVE-2022-3616 Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3616
CVE-2022-3322 Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3322
CVE-2022-37426 Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37426
CVE-2022-3697 A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3697
CVE-2022-41636 Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41636
CVE-2022-43284 Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43284
CVE-2022-43285 Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43285
CVE-2022-42916 In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42916
CVE-2022-40617 strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40617
CVE-2022-37620 A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37620
CVE-2022-2741 The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2741
CVE-2022-39018 Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39018
CVE-2022-39019 Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39019
CVE-2022-25885 The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25885
CVE-2020-14593 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-14593
CVE-2020-3409 A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2020-3409
CVE-2021-25217 In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-25217
CVE-2021-3547 OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3547
CVE-2021-34714 A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-34714
CVE-2021-3618 ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3618
CVE-2022-29154 An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-29154
CVE-2022-36423 OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36423
CVE-2021-36002 Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-36002
CVE-2021-43804 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43804
CVE-2022-32223 Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\\Program Files\\Common Files\\SSL\\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-32223
CVE-2022-32323 AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-32323
CVE-2020-2038 An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-2038
CVE-2020-19822 A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-19822
CVE-2021-36029 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-36029
CVE-2021-36034 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-36034
CVE-2021-36041 Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the 'pub/media` directory could lead to remote code execution. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-36041
CVE-2021-34785 Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-34785
CVE-2021-35534 Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-35534
CVE-2022-27925 Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-27925
CVE-2022-20828 A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-20828
CVE-2022-20829 A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM. Cisco has released and will release software updates that address this vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-20829
CVE-2022-31854 Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31854
CVE-2022-36323 Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-36323
CVE-2022-40352 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-40352
CVE-2022-20851 A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-20851
CVE-2022-21600 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-21600
CVE-2022-34850 An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-34850
CVE-2022-3300 The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3300
CVE-2022-3302 The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3302
CVE-2022-3335 The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3335
CVE-2022-3394 The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3394
CVE-2022-33178 A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-33178
CVE-2022-20811 Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-20811
CVE-2022-39977 Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-39977
CVE-2022-39978 Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-39978
CVE-2022-43275 Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43275
CVE-2022-43276 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43276
CVE-2021-36898 Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-36898
CVE-2022-43228 Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43228
CVE-2022-43229 Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43229
CVE-2022-43230 Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43230
CVE-2022-43231 Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43231
CVE-2022-43232 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43232
CVE-2022-43233 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43233
CVE-2022-3334 The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3334
CVE-2022-3366 The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3366
CVE-2022-3374 The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3374
CVE-2022-3380 The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-3380
CVE-2022-43353 Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43353
CVE-2022-43354 Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43354
CVE-2022-43355 Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43355
CVE-2022-43124 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43124
CVE-2022-43125 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43125
CVE-2022-43126 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43126
CVE-2022-43127 Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43127
CVE-2022-43328 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43328
CVE-2022-43329 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43329
CVE-2022-43330 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43330
CVE-2022-43331 Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-43331
CVE-2020-9383 An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-9383
CVE-2020-12825 libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12825
CVE-2020-23921 An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_compiler.hpp has a heap-based buffer over-read. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23921
CVE-2020-23922 An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23922
CVE-2020-23928 An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23928
CVE-2020-23931 An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23931
CVE-2020-24119 A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-24119
CVE-2021-31360 An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-31360
CVE-2020-23060 Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23060
CVE-2022-0891 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0891
CVE-2022-27816 SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27816
CVE-2022-29458 ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29458
CVE-2022-26365 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26365
CVE-2022-33740 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-33740
CVE-2022-33741 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-33741
CVE-2022-33742 Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-33742
CVE-2022-35822 Windows Defender Credential Guard Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-34709. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35822
CVE-2022-41742 NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-41742
CVE-2022-20954 Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-20954
CVE-2022-20955 Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-20955
CVE-2022-43280 wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-43280
CVE-2022-43282 wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-43282
CVE-2020-11884 In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-11884
CVE-2020-1752 A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-1752
CVE-2021-25329 The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-25329
CVE-2021-21703 In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-21703
CVE-2022-23181 The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-23181
CVE-2022-29582 In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-29582
CVE-2021-3697 A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. 7 https://nvd.nist.gov/vuln/detail/CVE-2021-3697
CVE-2022-3028 A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-3028
CVE-2022-20422 In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel 7 https://nvd.nist.gov/vuln/detail/CVE-2022-20422
CVE-2022-3635 A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-3635
CVE-2019-19527 In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19527
CVE-2019-19531 In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19531
CVE-2018-17774 Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2018-17774
CVE-2021-38396 The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38396
CVE-2021-3882 LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can't access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don't need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the 'Header always edit' configuration command in the mod_headers module. For Nginx, please refer to the 'proxy_cookie_flags' configuration command. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3882
CVE-2021-3788 An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3788
CVE-2021-44518 An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44518
CVE-2021-35245 When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-35245
CVE-2022-29855 Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29855
CVE-2022-29854 A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29854
CVE-2022-1739 The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1739
CVE-2021-33656 When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33656
CVE-2022-3048 Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3048
CVE-2022-31898 gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31898
CVE-2021-20077 Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-20077
CVE-2021-25738 Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-25738
CVE-2022-20676 A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-20676
CVE-2021-33103 Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-33103
CVE-2021-33124 Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-33124
CVE-2021-33655 When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-33655
CVE-2022-20855 A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-20855
CVE-2022-20776 Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-20776
CVE-2021-3485 An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2021-3485
CVE-2021-42550 In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2021-42550
CVE-2019-14433 An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-14433
CVE-2020-13143 gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13143
CVE-2020-6478 Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6478
CVE-2020-6567 Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6567
CVE-2020-6568 Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6568
CVE-2021-1357 Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1357
CVE-2021-1417 Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1417
CVE-2021-3487 There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3487
CVE-2021-29447 Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29447
CVE-2020-23995 An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23995
CVE-2021-3524 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \\r as a header separator, thus a new flaw has been created. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3524
CVE-2020-21839 An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21839
CVE-2020-22033 A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-22033
CVE-2021-30640 A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-30640
CVE-2020-19721 A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-19721
CVE-2020-18151 Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-18151
CVE-2020-23707 A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23707
CVE-2020-20221 Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-20221
CVE-2020-18898 A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-18898
CVE-2021-38312 The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38312
CVE-2021-37183 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37183
CVE-2021-34647 The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34647
CVE-2021-34712 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34712
CVE-2021-33723 A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33723
CVE-2021-38345 The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38345
CVE-2021-38465 The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38465
CVE-2021-3774 Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app via Http/JSON plain request. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3774
CVE-2021-45931 HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45931
CVE-2022-0155 follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0155
CVE-2021-37864 Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37864
CVE-2022-23437 There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23437
CVE-2021-24761 The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24761
CVE-2021-3813 Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3813
CVE-2022-22535 SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22535
CVE-2022-22537 When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22537
CVE-2022-22538 When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22538
CVE-2022-22539 When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22539
CVE-2022-22542 S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22542
CVE-2022-25193 Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25193
CVE-2021-3667 An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3667
CVE-2021-3733 There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3733
CVE-2022-0865 Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0865
CVE-2021-3941 In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3941
CVE-2022-1210 A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1210
CVE-2022-29824 In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29824
CVE-2022-26073 A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26073
CVE-2021-3611 A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3611
CVE-2021-46744 An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46744
CVE-2022-27776 A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27776
CVE-2022-34000 libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34000
CVE-2021-29768 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29768
CVE-2022-22389 IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22389
CVE-2022-31081 HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer, or, a comma separated repetition of that number. (that is `42` or `42, 42, 42`). Anything else MUST be rejected. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31081
CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32206
CVE-2022-29900 Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29900
CVE-2022-29901 Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29901
CVE-2022-31150 undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\\r\\n` is a workaround for this issue. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31150
CVE-2022-1497 Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1497
CVE-2022-1500 Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1500
CVE-2022-1501 Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1501
CVE-2022-1858 Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1858
CVE-2022-1862 Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1862
CVE-2022-1867 Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1867
CVE-2022-1868 Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1868
CVE-2022-1869 Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1869
CVE-2022-1873 Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1873
CVE-2022-2160 Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2160
CVE-2022-34526 A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34526
CVE-2022-2370 The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2370
CVE-2022-30698 NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30698
CVE-2022-30699 NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30699
CVE-2022-35918 Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35918
CVE-2022-1705 Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1705
CVE-2022-2605 Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2605
CVE-2022-2610 Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2610
CVE-2022-2612 Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2612
CVE-2022-2615 Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2615
CVE-2022-2616 Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2616
CVE-2022-2618 Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2618
CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2622
CVE-2022-38183 In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38183
CVE-2022-37428 PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37428
CVE-2021-4209 A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4209
CVE-2022-38342 Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38342
CVE-2022-2856 Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2856
CVE-2022-2860 Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2860
CVE-2022-2861 Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2861
CVE-2022-3044 Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3044
CVE-2022-3047 Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3047
CVE-2022-3054 Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3054
CVE-2022-3056 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3056
CVE-2022-3057 Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3057
CVE-2012-4818 IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to view arbitrary files on the system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2012-4818
CVE-2022-20810 A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20810
CVE-2022-2929 In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2929
CVE-2022-42010 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42010
CVE-2022-42011 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42011
CVE-2022-42012 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42012
CVE-2022-33746 P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-33746
CVE-2022-41471 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41471
CVE-2022-3165 An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3165
CVE-2022-21635 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21635
CVE-2022-39408 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39408
CVE-2022-39410 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39410
CVE-2022-2762 The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2762
CVE-2022-32574 A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32574
CVE-2022-33757 An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-33757
CVE-2022-3097 The LBStopAttack WordPress plugin through 1.1.2 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3097
CVE-2022-3247 The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3247
CVE-2022-36454 A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36454
CVE-2022-28170 Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28170
CVE-2022-43776 The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43776
CVE-2022-39358 Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39358
CVE-2022-39359 Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follow redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39359
CVE-2022-39360 Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 single sign on (SSO) users were able to do password resets on Metabase, which could allow a user access without going through the SSO IdP. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase now blocks password reset for all users who use SSO for their Metabase login. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39360
CVE-2022-3718 A vulnerability, which was classified as problematic, was found in Exiv2. This affects the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The name of the patch is 459910c36a21369c09b75bcfa82f287c9da56abf. It is recommended to apply a patch to fix this issue. The identifier VDB-212349 was assigned to this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3718
CVE-2022-39364 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39364
CVE-2022-24669 It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24669
CVE-2022-24670 An attacker can use the unrestricted LDAP queries to determine configuration entries 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24670
CVE-2022-42055 Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42055
CVE-2022-26884 Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26884
CVE-2022-37424 Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37424
CVE-2022-39367 QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files into other locations in the filesystem if they are writable by the process running the QTIWorks Engine. In extreme cases, this could allow anonymous users to change files in arbitrary locations in the filesystem. In normal QTIWorks Engine deployments, the impact is somewhat reduced because the default QTIWorks configuration does not enable the public demo functionality, so ZIP files can only be uploaded by users with "instructor" privileges. This vulnerability is fixed in version 1.0-beta15. There are no database configuration changes required when upgrading to this version. No known workarounds for this issue exist. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39367
CVE-2022-3400 The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3400
CVE-2022-3228 Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3228
CVE-2022-3755 A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3755
CVE-2022-39022 U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39022
CVE-2022-39023 U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39023
CVE-2022-40742 Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40742
CVE-2022-40488 ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40488
CVE-2022-3419 The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3419
CVE-2022-3499 An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3499
CVE-2022-41680 Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value] parameter in the appLms/ajax.server.php?r=mycertificate/getMyCertificates' function in order to dump the entire database. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41680
CVE-2022-42924 Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the 'appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata' function in order to dump the entire database. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42924
CVE-2019-2897 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). 6.4 https://nvd.nist.gov/vuln/detail/CVE-2019-2897
CVE-2022-2497 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2497
CVE-2021-35937 A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35937
CVE-2022-44032 An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach(). 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-44032
CVE-2022-44033 An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach(). 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-44033
CVE-2022-44034 An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove(). 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-44034
CVE-2021-3631 A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3631
CVE-2022-1462 An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1462
CVE-2022-1499 Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1499
CVE-2019-6142 It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-6142
CVE-2020-12666 macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12666
CVE-2019-19935 Froala Editor before 3.2.3 allows XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-19935
CVE-2020-1723 A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1723
CVE-2020-23376 NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23376
CVE-2021-35043 OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript\: URL with &#00058 as the replacement for the : character. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-35043
CVE-2021-43696 twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST then there is a XSS vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43696
CVE-2021-43692 youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43692
CVE-2021-43787 Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43787
CVE-2021-3837 openwhyd is vulnerable to Improper Authorization 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3837
CVE-2022-0235 node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0235
CVE-2022-22534 Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22534
CVE-2022-28202 An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28202
CVE-2022-1269 The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1269
CVE-2022-30770 Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30770
CVE-2022-34305 In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34305
CVE-2021-39047 IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39047
CVE-2022-34911 An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34911
CVE-2022-34912 An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34912
CVE-2022-34007 EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34007
CVE-2022-36266 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36266
CVE-2021-3427 The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3427
CVE-2022-1355 A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1355
CVE-2022-39842 An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39842
CVE-2022-2404 The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2404
CVE-2022-28816 In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28816
CVE-2012-2160 IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2012-2160
CVE-2020-15339 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-15339
CVE-2022-3518 A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3518
CVE-2022-38195 There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38195
CVE-2022-38197 Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38197
CVE-2022-38198 There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38198
CVE-2022-38199 A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38199
CVE-2022-38200 A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38200
CVE-2022-27913 An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27913
CVE-2022-31468 OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31468
CVE-2022-38162 Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-38162
CVE-2022-3672 A vulnerability, which was classified as problematic, has been found in SourceCodester Sanitization Management System 1.0. This issue affects some unknown processing of the file /php-sms/classes/SystemSettings.php. The manipulation of the argument name/shortname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212015. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3672
CVE-2022-3673 A vulnerability, which was classified as problematic, was found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the file /php-sms/classes/Master.php. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212016. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3673
CVE-2022-40703 CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-40703
CVE-2021-45476 Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45476
CVE-2022-36182 Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36182
CVE-2022-32407 Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-32407
CVE-2021-36206 All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-36206
CVE-2021-38728 SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-38728
CVE-2022-39021 U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect user to arbitrary website. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39021
CVE-2022-39024 U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39024
CVE-2022-39025 U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39025
CVE-2022-3766 Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3766
CVE-2022-40487 ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-40487
CVE-2022-2167 The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2167
CVE-2022-2190 The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2190
CVE-2022-2627 The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2627
CVE-2022-3440 The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3440
CVE-2022-3773 A vulnerability has been found in EmbedPress Plugin and classified as problematic. Affected by this vulnerability is an unknown functionality of the file post.php of the component Shortcode Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212503. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3773
CVE-2022-41679 Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user´s cookies in order to log in to the application. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-41679
CVE-2022-39020 Multiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-39020
CVE-2021-34761 A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges. 6 https://nvd.nist.gov/vuln/detail/CVE-2021-34761
CVE-2021-3607 An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 6 https://nvd.nist.gov/vuln/detail/CVE-2021-3607
CVE-2021-3608 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. 6 https://nvd.nist.gov/vuln/detail/CVE-2021-3608
CVE-2020-2585 Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-2585
CVE-2021-20989 Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be used to connect to the web management interface. Knowledge of authorization credentials to the management interface is required to perform any further actions. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-20989
CVE-2021-27620 SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-27620
CVE-2021-27622 SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-27622
CVE-2021-27623 SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckLength() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-27623
CVE-2021-27624 SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-27624
CVE-2021-27625 SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method IgsData::freeMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-27625
CVE-2021-27626 SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-27626
CVE-2021-27627 SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method ChartInterpreter::DoIt() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-27627
CVE-2021-27634 SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-27634
CVE-2021-32686 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-32686
CVE-2021-38191 An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-38191
CVE-2021-39272 Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-39272
CVE-2021-40528 The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-40528
CVE-2021-22947 When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-22947
CVE-2021-38542 Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-38542
CVE-2022-24302 In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-24302
CVE-2022-25047 The password reset token in CWP v0.9.8.1126 is generated using known or predictable values. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-25047
CVE-2022-32208 When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-32208
CVE-2022-0072 Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 5.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0072
CVE-2020-27350 APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1; 5.7 https://nvd.nist.gov/vuln/detail/CVE-2020-27350
CVE-2021-0129 Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-0129
CVE-2022-24472 Microsoft SharePoint Server Spoofing Vulnerability. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-24472
CVE-2021-20066 JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled. 5.6 https://nvd.nist.gov/vuln/detail/CVE-2021-20066
CVE-2021-3499 A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. It could lead to potentially lose of confidentiality, integrity or availability of a service. 5.6 https://nvd.nist.gov/vuln/detail/CVE-2021-3499
CVE-2022-33748 lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. 5.6 https://nvd.nist.gov/vuln/detail/CVE-2022-33748
CVE-2016-7440 The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2016-7440
CVE-2015-9261 huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2015-9261
CVE-2020-1753 A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1753
CVE-2020-27618 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27618
CVE-2021-20227 A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20227
CVE-2021-3446 A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3446
CVE-2021-3478 There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3478
CVE-2021-3479 There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3479
CVE-2021-27815 NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27815
CVE-2021-3038 A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3038
CVE-2020-23915 An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_escape_sequence() in peglib.h has a heap-based buffer over-read. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23915
CVE-2020-18392 Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-18392
CVE-2021-28623 Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28623
CVE-2021-3598 There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3598
CVE-2021-33713 A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33713
CVE-2021-33715 A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to NULL pointer deference condition and causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33715
CVE-2021-34307 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343) 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34307
CVE-2021-0518 In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-176541017 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0518
CVE-2020-19463 An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-19463
CVE-2020-19464 An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow . 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-19464
CVE-2021-3679 A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3679
CVE-2021-3605 There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3605
CVE-2020-21535 fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-21535
CVE-2021-3709 Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3709
CVE-2020-23886 XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-23886
CVE-2021-45948 Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45948
CVE-2021-45942 OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45942
CVE-2021-45943 GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45943
CVE-2022-22844 LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22844
CVE-2022-0319 Out-of-bounds Read in vim/vim prior to 8.2. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0319
CVE-2020-12966 AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12966
CVE-2021-45386 tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45386
CVE-2021-45387 tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45387
CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0561
CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0562
CVE-2022-0696 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0696
CVE-2022-0714 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0714
CVE-2022-26336 A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26336
CVE-2022-0907 Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0907
CVE-2022-0908 Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0908
CVE-2022-0909 Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0909
CVE-2022-0924 Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0924
CVE-2021-28275 A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28275
CVE-2021-3933 An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3933
CVE-2022-27939 tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27939
CVE-2022-1056 Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1056
CVE-2022-1122 A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1122
CVE-2022-1420 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1420
CVE-2022-27359 Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27359
CVE-2022-1622 LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1622
CVE-2022-1623 LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1623
CVE-2022-28774 Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28774
CVE-2022-1674 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1674
CVE-2021-33117 Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33117
CVE-2021-33149 Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33149
CVE-2022-30973 We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30973
CVE-2022-30155 Windows Kernel Denial of Service Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30155
CVE-2022-33068 An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-33068
CVE-2022-33070 Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-33070
CVE-2022-1852 A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1852
CVE-2022-2078 A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2078
CVE-2022-2318 There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2318
CVE-2022-32317 The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. The device=strdup statement is not executed on every call. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32317
CVE-2022-36313 An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36313
CVE-2022-36829 PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36829
CVE-2022-36830 PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36830
CVE-2022-36831 Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36831
CVE-2022-36836 Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36836
CVE-2022-36837 Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36837
CVE-2022-36839 SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36839
CVE-2022-1962 Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1962
CVE-2021-0975 In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180104273 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0975
CVE-2022-21233 Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21233
CVE-2022-26373 Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26373
CVE-2022-0171 A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0171
CVE-2022-1184 A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1184
CVE-2022-1354 A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1354
CVE-2022-2153 A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2153
CVE-2022-3061 Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3061
CVE-2022-39190 An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39190
CVE-2022-2905 An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2905
CVE-2022-38064 OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-38064
CVE-2022-30674 Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30674
CVE-2022-32854 This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32854
CVE-2022-32864 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32864
CVE-2022-32883 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32883
CVE-2022-3278 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3278
CVE-2022-1725 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1725
CVE-2022-41842 An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41842
CVE-2022-41844 An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41844
CVE-2022-41846 An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41846
CVE-2022-41847 An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41847
CVE-2022-42721 A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42721
CVE-2022-42722 In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42722
CVE-2022-39253 Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39253
CVE-2022-3586 A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3586
CVE-2022-40884 Bento4 1.6.0 has memory leaks via the mp4fragment. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40884
CVE-2022-40885 Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-40885
CVE-2022-39349 The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app's external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user's notes and the app's preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39349
CVE-2022-39836 An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39836
CVE-2022-39837 An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference, 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-39837
CVE-2022-3344 A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3344
CVE-2022-3644 The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3644
CVE-2022-33180 A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-33180
CVE-2022-33181 An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-33181
CVE-2022-20953 Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20953
CVE-2022-3663 A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. This issue affects the function AP4_StsdAtom of the file Ap4StsdAtom.cpp of the component MP4fragment. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212003. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3663
CVE-2022-3668 A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3668
CVE-2022-3669 A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3669
CVE-2022-43283 wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43283
CVE-2022-44020 An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration." 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-44020
CVE-2022-43148 rtf2html v0.2.0 was discovered to contain a heap overflow in the component /rtf2html/./rtf_tools.h. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-43148
CVE-2022-44079 pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-44079
CVE-2022-44081 Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-44081
CVE-2020-2231 Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-2231
CVE-2021-38374 OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-38374
CVE-2022-24588 Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24588
CVE-2022-29046 Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-29046
CVE-2022-1928 Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1928
CVE-2022-23055 In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-23055
CVE-2022-1757 The pagebar WordPress plugin before 2.70 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1757
CVE-2022-34140 A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-34140
CVE-2022-24654 Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24654
CVE-2022-38189 A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-38189
CVE-2022-37063 All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the attacker to insert malicious JavaScript code. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-37063
CVE-2022-3201 Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-3201
CVE-2022-32175 In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-32175
CVE-2022-41472 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41472
CVE-2022-41358 A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41358
CVE-2022-34870 Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-34870
CVE-2022-36783 AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on the browser of the other user. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36783
CVE-2022-39350 @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did not encode or sanitize Showdown's output. This made it possible for arbitrary JavaScript included in vulnerability details via HTML attributes to be executed in context of the frontend. Actors with the `VULNERABILITY_MANAGEMENT` permission can exploit this weakness by creating or editing a custom vulnerability and providing XSS payloads in any of the following fields: Description, Details, Recommendation, or References. The payload will be executed for users with the `VIEW_PORTFOLIO` permission when browsing to the modified vulnerability's page. Alternatively, malicious JavaScript could be introduced via any of the vulnerability databases mirrored by Dependency-Track. However, this attack vector is highly unlikely, and the maintainers of Dependency-Track are not aware of any occurrence of this happening. Note that the `Vulnerability Details` element of the `Audit Vulnerabilities` tab in the project view is not affected. The issue has been fixed in frontend version 4.6.1. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-39350
CVE-2022-20959 A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-20959
CVE-2022-39348 Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-39348
CVE-2022-3704 A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-3704
CVE-2022-3716 A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-3716
CVE-2022-42992 Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-42992
CVE-2022-42991 A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-42991
CVE-2022-42993 Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-42993
CVE-2022-42054 Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-42054
CVE-2022-40965 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-40965
CVE-2022-41555 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41555
CVE-2022-41651 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41651
CVE-2022-41701 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41701
CVE-2022-41702 The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-41702
CVE-2021-35388 Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35388
CVE-2021-37781 Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-37781
CVE-2021-36863 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-36863
CVE-2022-43164 A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-43164
CVE-2022-43165 A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-43165
CVE-2022-43166 A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity". 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-43166
CVE-2022-43167 A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-43167
CVE-2022-43169 A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group". 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-43169
CVE-2022-43170 A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block". 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-43170
CVE-2021-36864 Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-36864
CVE-2022-39026 U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-39026
CVE-2022-39027 U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-39027
CVE-2022-40739 Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-40739
CVE-2022-3765 Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-3765
CVE-2022-3096 The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-3096
CVE-2022-39017 Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-39017
CVE-2017-9947 A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2017-9947
CVE-2018-7434 zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2018-7434
CVE-2020-3315 Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-3315
CVE-2020-14155 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14155
CVE-2020-14621 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14621
CVE-2021-1495 Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-1495
CVE-2021-3531 A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3531
CVE-2021-32678 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32678
CVE-2021-33037 Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-33037
CVE-2021-32703 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32703
CVE-2021-32725 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32725
CVE-2021-32734 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32734
CVE-2021-34429 For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-34429
CVE-2021-34434 In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-34434
CVE-2021-37175 A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-37175
CVE-2021-21705 In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21705
CVE-2021-31352 An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31352
CVE-2021-31361 An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an unauthenticated network based attacker to cause increased FPC CPU utilization by sending specific IP packets which are being VXLAN encapsulated leading to a partial Denial of Service (DoS). Continued receipted of these specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX Series: All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS on PTX Series: All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31361
CVE-2021-31375 An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed. This, in turn, may allow a spoofed advertisement to be accepted or propagated. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-31375
CVE-2021-35236 The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-35236
CVE-2021-34790 Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-34790
CVE-2021-34791 Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-34791
CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25219
CVE-2021-3793 An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-3793
CVE-2022-21271 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21271
CVE-2022-21277 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21277
CVE-2022-21282 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21282
CVE-2022-21283 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21283
CVE-2022-21291 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21291
CVE-2022-21293 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21293
CVE-2022-21294 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21294
CVE-2022-21296 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21296
CVE-2022-21366 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21366
CVE-2021-33843 Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-33843
CVE-2021-25118 The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25118
CVE-2022-25146 The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-25146
CVE-2022-0396 BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0396
CVE-2022-26653 Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26653
CVE-2022-26777 Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26777
CVE-2022-2097 AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2097
CVE-2022-32222 A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-32222
CVE-2022-2552 The Duplicator WordPress plugin before 1.4.7.1 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2552
CVE-2022-2663 An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2663
CVE-2022-39236 Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-39236
CVE-2020-15325 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15325
CVE-2020-15326 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15326
CVE-2020-15328 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15328
CVE-2020-15329 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15329
CVE-2020-15330 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15330
CVE-2020-15333 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15333
CVE-2020-15334 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15334
CVE-2020-15337 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15337
CVE-2020-15338 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15338
CVE-2020-15342 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15342
CVE-2020-15343 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15343
CVE-2020-15344 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15344
CVE-2020-15345 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15345
CVE-2020-15346 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15346
CVE-2022-21618 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21618
CVE-2022-21626 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21626
CVE-2022-21628 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21628
CVE-2022-3646 A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3646
CVE-2022-35739 PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing “characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-35739
CVE-2022-39315 Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. The problem has been patched in Kirby 3.5.8.2, Kirby 3.6.6.2, Kirby 3.7.5.1, and Kirby 3.8.1. In all of the mentioned releases, the maintainers have rewritten the affected code so that the delay is also inserted after the brute force limit is reached. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-39315
CVE-2022-39340 OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-39340
CVE-2022-27912 An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-27912
CVE-2022-2508 In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2508
CVE-2022-39329 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-39329
CVE-2022-3387 Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-3387
CVE-2022-44022 PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-44022
CVE-2022-44023 PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response timings for authentication attempts. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-44023
CVE-2020-8554 Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. 5 https://nvd.nist.gov/vuln/detail/CVE-2020-8554
CVE-2021-43788 Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. 5 https://nvd.nist.gov/vuln/detail/CVE-2021-43788
CVE-2022-29614 SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. 5 https://nvd.nist.gov/vuln/detail/CVE-2022-29614
CVE-2017-3641 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2017-3641
CVE-2021-3680 showdoc is vulnerable to Missing Cryptographic Step 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-3680
CVE-2021-28700 xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-28700
CVE-2021-36310 Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-36310
CVE-2022-21427 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21427
CVE-2022-21594 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21594
CVE-2022-21599 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21599
CVE-2022-21604 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21604
CVE-2022-21605 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21605
CVE-2022-21607 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21607
CVE-2022-21608 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21608
CVE-2022-21617 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21617
CVE-2022-21632 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21632
CVE-2022-21633 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21633
CVE-2022-21637 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21637
CVE-2022-21638 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21638
CVE-2022-21640 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21640
CVE-2022-21641 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21641
CVE-2022-39400 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-39400
CVE-2022-3018 An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-3018
CVE-2022-43086 Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-43086
CVE-2020-2767 Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2767
CVE-2020-2800 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-2800
CVE-2020-14556 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2020-14556
CVE-2021-29425 In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\\\..\\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29425
CVE-2021-24653 The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24653
CVE-2021-44717 Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44717
CVE-2022-25574 A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25574
CVE-2022-1095 The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1095
CVE-2022-1327 The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1327
CVE-2022-35882 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35882
CVE-2022-0598 The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0598
CVE-2022-36325 Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36325
CVE-2022-2152 The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2152
CVE-2022-3350 The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3350
CVE-2022-3391 The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3391
CVE-2022-3392 The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3392
CVE-2022-40184 Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-40184
CVE-2021-36858 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36858
CVE-2022-3237 The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3237
CVE-2022-3408 The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3408
CVE-2022-3420 The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3420
CVE-2022-3441 The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3441
CVE-2022-43076 A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43076
CVE-2022-43078 A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-43078
CVE-2013-4235 shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees 4.7 https://nvd.nist.gov/vuln/detail/CVE-2013-4235
CVE-2021-3753 A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-3753
CVE-2022-33744 Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-33744
CVE-2021-3521 There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-3521
CVE-2022-39188 An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-39188
CVE-2022-40307 An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-40307
CVE-2022-41222 mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-41222
CVE-2021-27853 Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-27853
CVE-2022-3303 A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-3303
CVE-2022-40183 An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-40183
CVE-2019-19523 In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2019-19523
CVE-2019-19524 In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2019-19524
CVE-2019-19525 In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2019-19525
CVE-2019-19526 In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2019-19526
CVE-2019-19530 In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2019-19530
CVE-2021-3636 It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2021-3636
CVE-2020-23058 An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2020-23058
CVE-2022-25258 An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2022-25258
CVE-2022-29948 Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2022-29948
CVE-2022-36838 Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2022-36838
CVE-2021-3695 A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. 4.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3695
CVE-2021-3696 A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. 4.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3696
CVE-2016-5584 Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2016-5584
CVE-2017-3243 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2017-3243
CVE-2017-10286 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2017-10286
CVE-2022-35821 Azure Sphere Information Disclosure Vulnerability. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-35821
CVE-2022-21595 Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21595
CVE-2022-21625 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21625
CVE-2022-39351 Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit log in cle