Vulnerability Summary for the Week of August 1, 2022

Released: Aug 08, 2022
Document ID: SB22-220

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.


 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
@acrontum -- filesystem-template
 
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-21186
CONFIRM
CONFIRM
Ittiam -- libmpeg2
 
Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-37416
MISC
MISC
accusoft -- imagegear
 
An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-29465
MISC
aes_crypt -- aes_crypt
 
AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Password lengths were not checked before being read. This vulnerability may lead to buffer overruns. This does _not_ affect source code found on aescrypt.com, nor is the vulnerability present when providing a password or a key via the `-p` or `-k` command-line options. The problem was fixed in commit 68761851b and will be included in release 3.16. Users are advised to upgrade. Users unable to upgrade should use the `-p` or `-k` options to provide a password or key.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-35928
MISC
CONFIRM
alphaware_simple_e-commerce_system -- alphaware_simple_e-commerce_system
 
A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input '"><script>alert(/xss/)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-2682
MISC
MISC
apache -- hadoop
 
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2022-25168
MISC
apache -- jspwiki
 
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later.
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2022-28730
MISC
apache -- jspwiki
 
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2022-27166
MISC
apache -- jspwiki
 
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2022-28732
MISC
apache -- jspwiki
 
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2022-34158
MISC
apache -- jspwiki
 
A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2022-28731
MISC
apartment_visitor_management_system -- apartment_visitor_management_system
 
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ' AND (SELECT 4955 FROM (SELECT(SLEEP(5)))RSzF) AND 'htiy'='htiy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205665 was assigned to this vulnerability.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-2677
MISC
MISC
apartment_visitor_management_system -- apartment_visitor_management_system
 
A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205672.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-2684
MISC
MISC
alphaware_simple_e-commerce_system -- alphaware_simple_e-commerce_system

A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-2678
MISC
MISC
arista -- cloudvision_portal
 
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-29071
MISC
arista -- eos
 
This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2021-28511
MISC
arm -- mali_gpu_kernel_driver
 
An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.
Published: 2022-08-02
CVSS Score: not yet calculated
CVE-2022-33917
MISC
arris -- multiple_products
 
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2022-31793
MISC
MISC
MISC
MISC
artica -- pandora_fms

Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, or view existing keys which are outside the intended role.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-26308
CONFIRM
CONFIRM
artica -- pandora_fms

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the service name field.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2021-46678
CONFIRM
CONFIRM
artica -- pandora_fms

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via service elements.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2021-46679
CONFIRM
CONFIRM
artica -- pandora_fms

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the module form name field.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2021-46680
CONFIRM
artica -- pandora_fms

Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-26310
CONFIRM
CONFIRM
artica -- pandora_fms

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the event filter name field.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2021-46677
CONFIRM
CONFIRM
artica -- pandora_fms
 
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the module massive operation name field.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2021-46681
CONFIRM
CONFIRM
artica -- pandora_fms

Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-26309
CONFIRM
CONFIRM
artica -- pandora_fms

An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the transactional maps name field.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2021-46676
CONFIRM
CONFIRM
asustor -- adm
 
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-37398
MISC
asuswrt-merlin -- asuswrt
 
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-26376
MISC
atlassian -- jira_data_center

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-36799
MISC
atlassian -- jira_service_management_server_and_data_center
 
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-36800
MISC
autodesk -- autocad

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Published: 2022-07-29
CVSS Score: not yet calculated
CVE-2022-33881
MISC
autodesk -- autodesk_design_review
 
A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Published: 2022-07-29
CVSS Score: not yet calculated
CVE-2022-27866
MISC
autodesk -- autodesk_design_review
 
A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code.
Published: 2022-07-29
CVSS Score: not yet calculated
CVE-2022-27865
MISC
autodesk -- autodesk_design_review
 
A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Published: 2022-07-29
CVSS Score: not yet calculated
CVE-2022-27864
MISC
autodesk -- fusion_360

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.
Published: 2022-07-29
CVSS Score: not yet calculated
CVE-2022-27873
MISC
backdrop -- backdrop
 
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-34530
MISC
MISC
beancount -- fava

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-2589
CONFIRM
MISC
best_fee_management_system -- best_fee_management_system
 
A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205658 is the identifier assigned to this vulnerability.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-2674
MISC
bigtree_cms -- bigtree_cms
 
BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-36197
MISC
bmc -- track-it
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-35864
MISC
MISC
bmc -- track-it
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-35865
MISC
MISC
boltcms -- boltcms
 
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-31321
MISC
MISC
bookwyrm -- bookwyrm
 
BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually.
Published: 2022-08-02
CVSS Score: not yet calculated
CVE-2022-35925
MISC
CONFIRM
MISC
bookwyrm -- bookwyrm
 
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2022-2651
CONFIRM
MISC
bosch -- bf-os
 
BF-OS version 3.x up to and including 3.83 does not enforce strong passwords which may allow a remote attacker to brute-force the device password.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-36301
CONFIRM
bosch -- bf-os
 
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-36302
CONFIRM
centreon -- centreon
 
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-34871
MISC
MISC
centreon -- centreon
 
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-34872
MISC
MISC
chia_network -- cat1
 
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Tokens previously minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious.
Published: 2022-07-29
CVSS Score: not yet calculated
CVE-2022-36447
MISC
MISC
church_management_system -- church_management_system
 
A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205668.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-2680
MISC
MISC
ckeditor -- ckeditor5
 
CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5 packages in versions prior to 35.0.1. The vulnerability allowed JavaScript code to be triggered after fulfilling special conditions. The affected packages are `@ckeditor/ckeditor5-markdown-gfm`, `@ckeditor/ckeditor5-html-support`, and `@ckeditor/ckeditor5-html-embed`. The specific conditions are 1) Using one of the affected packages. In case of `ckeditor5-html-support` and `ckeditor5-html-embed`, additionally, it was required to use a configuration that allows unsafe markup inside the editor. 2) Destroying the editor instance and 3) Initializing the editor on an element and using an element other than `<textarea>` as a base. The root cause of the issue was a mechanism responsible for updating the source element with the markup coming from the CKEditor 5 data pipeline after destroying the editor. This vulnerability might affect a small percent of integrators that depend on dynamic editor initialization/destroy and use Markdown, General HTML Support or HTML embed features. The problem has been recognized and patched. The fix is available in version 35.0.1. There are no known workarounds for this issue.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-31175
CONFIRM
MISC
MISC
MISC
company_website_cms -- company_website_cms
 
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205817 was assigned to this vulnerability.
Published: 2022-08-06
CVSS Score: not yet calculated
CVE-2022-2694
MISC
MISC
complete_online_job_search system -- complete_online_job_search system
 
Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-35163
MISC
complete_online_job_search system -- complete_online_job_search system
 
Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-35162
MISC
connman -- connman
 
In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-32293
CONFIRM
MISC
CONFIRM
connman -- connman
 
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-32292
MISC
CONFIRM
contiki-ng -- contiki-ng
 
Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, `uip_buf`, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires IPv6 be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch. Users unable to upgrade may apply the patch in Contiki-NG PR #1654.
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2022-35926
CONFIRM
MISC
MISC
MISC
contiki-ng -- contiki-ng
 
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7. Users unable to upgrade may apply the patch in Contiki-NG PR #1615.
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2021-32771
MISC
MISC
CONFIRM
MISC
contiki-ng -- contiki-ng
 
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version prior to 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. There are no workarounds for this issue.
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2022-35927
MISC
CONFIRM
MISC
cpcletop -- io.socket:socket.io-client
 
The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with invalid payload format.
Published: 2022-08-02
CVSS Score: not yet calculated
CVE-2022-25867
MISC
MISC
MISC
MISC
MISC
crowcpp -- crowcpp
 
Crow before v1.0+4 was discovered to contain a buffer overflow via the function qs_parse at query_string.h. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published: 2022-08-04
CVSS Score: not yet calculated
CVE-2022-34970
MISC
MISC
curljs -- curljs
 
This affects all versions of package curljs.
Published: 2022-08-02
CVSS Score: not yet calculated
CVE-2020-28425
MISC
cvat -- cvat
 
CVAT is an open source interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to URLs used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-31188
MISC
CONFIRM
d-link -- dir-818lw a1:dir818l_fw105b01
 
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-35620
MISC
MISC
d-link -- dir820la1_fw106b02
 
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-34974
MISC
MISC
d-link -- dsl-3782

D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160.
Published: 2022-07-29
CVSS Score: not yet calculated
CVE-2022-34527
MISC
MISC
d-link -- dsl-3782

D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue.
Published: 2022-07-29
CVSS Score: not yet calculated
CVE-2022-34528
MISC
MISC
d-link -- dir-818lw a1:dir818l_fw105b01
 
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-35619
MISC
MISC
d-link -- dir820la1_fw106b02
 
D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-34973
MISC
MISC
dd-wrt -- dd-wrt
 
A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Published: 2022-08-05
CVSS Score: not yet calculated
CVE-2022-27631
MISC
dedecms -- dedecms

DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php.
Published: 2022-07-29
CVSS Score: not yet calculated
CVE-2022-34531
MISC
devexpress -- devexpress
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710.
Published: 2022-08-03
CVSS Score: not yet calculated
CVE-2022-28684
MISC
discourse -- discourse
 
Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-31182
MISC
CONFIRM
discourse -- discourse
 
Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email.
Published: 2022-08-01
CVSS Score: not yet calculated
CVE-2022-31184
CONFIRM
MISC
django -- django
 
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.
2022-08-03
not yet calculated
CVE-2022-36359
MISC
CONFIRM
MISC
MLIST
dogtagpki -- dogtagpki
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
2022-07-29
not yet calculated
CVE-2022-2414
MISC
dotcms -- dotcms
 
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false.
2022-08-05
not yet calculated
CVE-2022-37431
MISC
dpgaspar -- flask-appbuilder
 
Flask-AppBuilder is an application development framework built on top of the Flask Python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed password strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.
2022-08-01
not yet calculated
CVE-2022-31177
CONFIRM
MISC
dspace -- jspui
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters during submission. This path traversal can only be executed by a user with special privileges (submitter rights). This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds. However, this vulnerability cannot be exploited by an anonymous user or a basic user. The user must first have submitter privileges to at least one Collection and be able to determine how to modify the request parameters to exploit the vulnerability.
2022-08-01
not yet calculated
CVE-2022-31194
CONFIRM
MISC
MISC
dspace -- jspui
 
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue.
2022-08-01
not yet calculated
CVE-2022-31191
MISC
MISC
MISC
MISC
CONFIRM
dspace -- jspui
 
DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible by a user with special privileges (either Administrators or someone with command-line access to the server). This vulnerability impacts the XMLUI, JSPUI and command-line. Users are advised to upgrade. As a basic workaround, users may block all access to the following URL paths: If you are using the XMLUI, block all access to /admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path "/xmlui", then you'd need to block access to /xmlui/admin/batchimport. If you are using the JSPUI, block all access to /dspace-admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path "/jspui", then you'd need to block access to /jspui/dspace-admin/batchimport. Keep in mind, only an Administrative user or a user with command-line access to the server is able to import/upload SAF packages. Therefore, assuming those users do not blindly upload untrusted SAF packages, then it is unlikely your site could be impacted by this vulnerability.
2022-08-01
not yet calculated
CVE-2022-31195
MISC
CONFIRM
MISC
dspace -- jspui
 
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2022-08-01
not yet calculated
CVE-2022-31193
MISC
MISC
CONFIRM
dspace -- jspui
 
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2022-08-01
not yet calculated
CVE-2022-31192
MISC
CONFIRM
MISC
dspace -- jspui
 
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, the entire exception (including stack trace) is available. Information in this stack trace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. Users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file.
2022-08-01
not yet calculated
CVE-2022-31189
CONFIRM
MISC
dspace -- xmlui
 
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer.
2022-08-01
not yet calculated
CVE-2022-31190
CONFIRM
MISC
MISC
easyuse -- mailhunter_ultimate
 
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing a malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system commands or interrupt service.
2022-08-02
not yet calculated
CVE-2022-35223
MISC
eclipse -- californium
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.
2022-07-29
not yet calculated
CVE-2022-2576
CONFIRM
elabftw -- elabftw
eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue.
2022-08-01
not yet calculated
CVE-2022-31178
CONFIRM
electronic_medical_records_system -- electronic_medical_records_system
 
A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument user_email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205664.
2022-08-05
not yet calculated
CVE-2022-2676
MISC
MISC
electronic_medical_records_system -- electronic_medical_records_system
 
A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205816.
2022-08-06
not yet calculated
CVE-2022-2693
MISC
MISC
enalean -- tuleap
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 of Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue.
2022-08-01
not yet calculated
CVE-2022-31128
CONFIRM
MISC
MISC
MISC
ercom -- citadel
 
The embedded neutralization of script-related HTML tags was bypassed under some extra conditions.
2022-08-02
not yet calculated
CVE-2022-1293
MISC
estsoft -- alyac
 
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
2022-08-05
not yet calculated
CVE-2022-29886
MISC
estsoft -- alyac
 
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
2022-08-05
not yet calculated
CVE-2022-32543
MISC
evmos -- ethermint
 
Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount` function, all contracts that used the identical bytecode (i.e. shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract's code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.
2022-08-05
not yet calculated
CVE-2022-35936
MISC
MISC
CONFIRM
exim -- exim
 
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
2022-08-06
not yet calculated
CVE-2022-37451
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
expense_management_system -- expense_management_system
 
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-205811.
2022-08-06
not yet calculated
CVE-2022-2688
MISC
f-secure -- atlant_and_withsecure
 
A Denial-of-Service vulnerability was discovered in F-Secure Atlant and in certain WithSecure products: scanning fuzzed PE32-bit files can crash the scanning engine. The exploit can be triggered remotely by an attacker.
2022-08-05
not yet calculated
CVE-2022-28880
MISC
MISC
f5 -- big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-34651
MISC
f5 -- big-ip
 
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-34851
MISC
f5 -- big-ip
 
In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-34655
MISC
f5 -- big-ip
 
In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-35272
MISC
f5 -- big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-35245
MISC
f5 -- big-ip
 
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-35240
MISC
f5 -- big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-35243
MISC
f5 -- big-ip
 
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-35728
MISC
f5 -- big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-35735
MISC
f5 -- big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-34844
MISC
f5 -- big-ip
 
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-34862
MISC
f5 -- big-ip
 
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-35236
MISC
f5 -- big-ip
 
In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-34865
MISC
f5 -- big-ip
 
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-33962
MISC
f5 -- big-ip
 
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-33968
MISC
f5 -- big_ip
 
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-32455
MISC
f5 -- big_ip
 
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-33203
MISC
f5 -- big_ip
 
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-33947
MISC
f5 -- nginx_ingress_controller
 
In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-30535
MISC
f5 -- nginx_instance_manager
 
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-35241
MISC
f5 -- big-ip
 
In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2022-08-04
not yet calculated
CVE-2022-31473
MISC
flask_security -- flask_security
 
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'. **Note:** Flask-Security is not maintained anymore.
2022-08-02
not yet calculated
CVE-2021-23385
MISC
MISC
MISC
fortinet -- fortiadc
 
An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.
2022-08-03
not yet calculated
CVE-2022-27484
CONFIRM
fortinet -- fortios
 
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.
2022-08-03
not yet calculated
CVE-2022-23442
CONFIRM
fortinet -- multiple_products
 
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
2022-08-05
not yet calculated
CVE-2022-22299
CONFIRM
foxit -- pdf_reader_and_pdf_editor
 
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.
2022-08-06
not yet calculated
CVE-2022-27944
MISC
MISC
foxit -- pdf_reader_and_pdf_editor
 
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.
2022-08-06
not yet calculated
CVE-2022-26979
MISC
MISC
freshtomato -- freshtomato
 
A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The `freshtomato-arm` has a vulnerable URL-decoding feature that can lead to memory corruption.
2022-08-05
not yet calculated
CVE-2022-28665
MISC
freshtomato -- freshtomato
 
A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The `freshtomato-mips` has a vulnerable URL-decoding feature that can lead to memory corruption.
2022-08-05
not yet calculated
CVE-2022-28664
MISC
friendsofflarum -- byobu
 
fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum's users and choose to disable the extension if needed. There are no workarounds for this issue.
2022-08-01
not yet calculated
CVE-2022-35921
CONFIRM
MISC
frrouting -- frrouting
 
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
2022-08-02
not yet calculated
CVE-2022-37035
MISC
MISC
garage_management_system -- garage_management_system
A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2'%20UNION%20select%2011,user(),333,444--+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2022-07-29
not yet calculated
CVE-2022-2577
MISC
MISC
garage_management_system -- garage_management_system
A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2022-07-29
not yet calculated
CVE-2022-2578
MISC
MISC
garage_management_system -- garage_management_system
 
A vulnerability was found in SourceCodester Garage Management System and classified as critical. This issue affects some unknown processing of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205655.
2022-08-05
not yet calculated
CVE-2022-2671
MISC
garage_management_system -- garage_management_system
 
A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edituser.php. The manipulation of the argument id with the input 1\"><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205573 was assigned to this vulnerability.
2022-08-04
not yet calculated
CVE-2022-2645
MISC
garage_management_system -- garage_management_system
 
A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656.
2022-08-05
not yet calculated
CVE-2022-2672
MISC
garage_management_system -- garage_management_system
A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument userName with the input lala<img src="" onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2022-07-29
not yet calculated
CVE-2022-2579
MISC
MISC
get-npm-package-version -- get-npm-package-version
The package get-npm-package-version before 1.0.7 is vulnerable to Command Injection via the main function in index.js.
2022-08-02
not yet calculated
CVE-2020-7795
MISC
MISC
MISC
MISC
getlaminas -- laminas-diactoros
laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a `Laminas\Diactoros\Uri` instance associated with the incoming server request modified to reflect values from `X-Forwarded-*` headers. Such changes can potentially lead to XSS attacks (if a fully-qualified URL is used in links) and/or URL poisoning. Since the `X-Forwarded-*` headers do have valid use cases, particularly in clustered environments using a load balancer, the library offers mitigation measures only in the v2 releases, as doing otherwise would break these use cases immediately. Users of v2 releases from 2.11.1 can provide an additional argument to `Laminas\Diactoros\ServerRequestFactory::fromGlobals()` in the form of a `Laminas\Diactoros\RequestFilter\RequestFilterInterface` instance, including the shipped `Laminas\Diactoros\RequestFilter\NoOpRequestFilter` implementation which ignores the `X-Forwarded-*` headers. Starting in version 3.0, the library will reverse behavior to use the `NoOpRequestFilter` by default, and require users to opt-in to `X-Forwarded-*` header usage via a configured `Laminas\Diactoros\RequestFilter\LegacyXForwardedHeaderFilter` instance. Users are advised to upgrade to version 2.11.1 or later to resolve this issue. Users unable to upgrade may configure web servers to reject `X-Forwarded-*` headers at the web server level.
2022-08-01
not yet calculated
CVE-2022-31109
MISC
CONFIRM
MISC
gitblame -- gitblame
 
This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js.
2022-08-02
not yet calculated
CVE-2020-28434
MISC
github -- enterprise_server
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.
2022-08-02
not yet calculated
CVE-2022-23733
CONFIRM
CONFIRM
CONFIRM
gitlab -- ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, which allowed a project member to filter issues by contact and organization. | 2022-08-05 | not yet calculated | CVE-2022-2539
MISC
CONFIRM
gitlab -- ce/ee
 
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key. | 2022-08-05 | not yet calculated | CVE-2022-2095
CONFIRM
MISC
MISC
gitlab -- ce/ee
 
A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited. | 2022-08-05 | not yet calculated | CVE-2022-2307
CONFIRM
MISC
gitlab -- ce/ee
 
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side. | 2022-08-05 | not yet calculated | CVE-2022-2500
CONFIRM
MISC
MISC
gitlab -- ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration. | 2022-08-05 | not yet calculated | CVE-2022-2534
MISC
CONFIRM
gitlab -- ce/ee
 
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled. | 2022-08-05 | not yet calculated | CVE-2022-2459
MISC
MISC
CONFIRM
gitlab -- ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using another user's email address as an unverified secondary email. | 2022-08-05 | not yet calculated | CVE-2022-2326
MISC
MISC
CONFIRM
gitlab -- ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious maintainer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker-controlled server. | 2022-08-05 | not yet calculated | CVE-2022-2497
MISC
CONFIRM
MISC
gitlab -- ce/ee
 
Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project. | 2022-08-05 | not yet calculated | CVE-2022-2417
MISC
CONFIRM
gitlab -- ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing former project members to read updates via TODOs. | 2022-08-05 | not yet calculated | CVE-2022-2512
MISC
CONFIRM
gitlab -- ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA. | 2022-08-05 | not yet calculated | CVE-2022-2303
MISC
MISC
CONFIRM
gitlab -- ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. | 2022-08-05 | not yet calculated | CVE-2022-2456
MISC
MISC
CONFIRM
gitlab -- ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-2531
MISC
CONFIRM
MISC
gitlab -- ee
 
An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing; proper permissions are still required. | 2022-08-05 | not yet calculated | CVE-2022-2501
CONFIRM
MISC
MISC
gitlab -- ee
 
An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author. | 2022-08-05 | not yet calculated | CVE-2022-2498
MISC
CONFIRM
MISC
gitlab -- ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues. | 2022-08-05 | not yet calculated | CVE-2022-2499
CONFIRM
MISC
MISC
gnu_affero -- minio
 
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies. | 2022-08-01 | not yet calculated | CVE-2022-35919
MISC
MISC
CONFIRM
gnutls -- gnutls
A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function. | 2022-08-01 | not yet calculated | CVE-2022-2509
MISC
MISC
go_ethereum -- go_ethereum
 
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022. | 2022-08-05 | not yet calculated | CVE-2022-37450
MISC
MISC
MISC
MISC
google -- android
In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553; Issue ID: ALPS07032553. | 2022-08-01 | not yet calculated | CVE-2022-26431
MISC
google -- android
In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486. | 2022-08-01 | not yet calculated | CVE-2022-26426
MISC
google -- android
In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059. | 2022-08-01 | not yet calculated | CVE-2022-21791
MISC
google -- android
In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138450; Issue ID: ALPS07138450. | 2022-08-01 | not yet calculated | CVE-2022-26434
MISC
google -- android
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400. | 2022-08-01 | not yet calculated | CVE-2022-26433
MISC
google -- android
In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032542; Issue ID: ALPS07032542. | 2022-08-01 | not yet calculated | CVE-2022-26432
MISC
google -- android
In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260. | 2022-08-01 | not yet calculated | CVE-2022-26428
MISC
google -- android
In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410. | 2022-08-01 | not yet calculated | CVE-2022-21792
MISC
google -- android
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521. | 2022-08-01 | not yet calculated | CVE-2022-26430
MISC
google -- android
In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728. | 2022-08-01 | not yet calculated | CVE-2022-21788
MISC
google -- android
In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID: ALPS07025415. | 2022-08-01 | not yet calculated | CVE-2022-26429
MISC
google -- android
In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101. | 2022-08-01 | not yet calculated | CVE-2022-21789
MISC
google -- android
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435. | 2022-08-01 | not yet calculated | CVE-2022-26435
MISC
google -- android
In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306. | 2022-08-01 | not yet calculated | CVE-2022-21790
MISC
google -- android
In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540. | 2022-08-01 | not yet calculated | CVE-2022-26427
MISC
google -- android
In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666. | 2022-08-01 | not yet calculated | CVE-2022-26436
MISC
google -- android
 
EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). | 2022-07-30 | not yet calculated | CVE-2022-30083
MISC
google -- google_play_services_software_development_kit
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release. | 2022-07-29 | not yet calculated | CVE-2022-1799
MISC
graphql-go -- graphql-go
graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. | 2022-08-01 | not yet calculated | CVE-2022-37315
MISC
graphql-rust -- juniper
 
Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually. | 2022-08-01 | not yet calculated | CVE-2022-31173
MISC
MISC
MISC
CONFIRM
grummunio -- gromox
 
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. | 2022-08-04 | not yet calculated | CVE-2022-37030
MISC
MISC
gvret -- gvret
 
GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp. | 2022-08-03 | not yet calculated | CVE-2022-35161
MISC
gym_management_system -- gym_management_system
 
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205734 is the identifier assigned to this vulnerability. | 2022-08-06 | not yet calculated | CVE-2022-2687
MISC
MISC
hcl_commerce -- remote_store_server
 
HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. | 2022-07-30 | not yet calculated | CVE-2021-27785
MISC
hcl_software -- launch
 
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. | 2022-08-03 | not yet calculated | CVE-2022-27551
CONFIRM
heroku-env -- heroku-env
 
This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. | 2022-08-02 | not yet calculated | CVE-2020-28437
MISC
hestiacp -- hestiacp
Improper Input Validation in GitHub repository hestiacp/hestiacp prior to 1.6.6. | 2022-08-05 | not yet calculated | CVE-2022-2636
CONFIRM
MISC
hestiacp -- hestiacp
 
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. | 2022-08-05 | not yet calculated | CVE-2022-2626
MISC
CONFIRM
hiby -- r3_pro_firmware
Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. | 2022-07-29 | not yet calculated | CVE-2022-34496
MISC
MISC
hinet -- hicos_citizen_verification
 
HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. | 2022-08-02 | not yet calculated | CVE-2022-35222
MISC
ibm -- cics_tx
IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. | 2022-08-01 | not yet calculated | CVE-2022-34163
CONFIRM
CONFIRM
XF
ibm -- cics_tx
IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331. | 2022-08-01 | not yet calculated | CVE-2022-34161
CONFIRM
XF
CONFIRM
ibm -- cics_tx
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436. | 2022-08-01 | not yet calculated | CVE-2022-34307
XF
CONFIRM
CONFIRM
ibm -- cics_tx
IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338. | 2022-08-01 | not yet calculated | CVE-2022-34164
CONFIRM
CONFIRM
XF
ibm -- cics_tx
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. | 2022-08-01 | not yet calculated | CVE-2022-34162
CONFIRM
CONFIRM
XF
ibm -- cics_tx
IBM CICS TX 11.1 could allow an attacker with physical access to the system to execute code using a back and refresh attack. IBM X-Force ID: 229312. | 2022-08-01 | not yet calculated | CVE-2022-33955
CONFIRM
XF
CONFIRM
ibm -- datapower_gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228359. | 2022-08-01 | not yet calculated | CVE-2022-31775
XF
CONFIRM
ibm -- datapower_gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228435. | 2022-08-01 | not yet calculated | CVE-2022-32750
CONFIRM
XF
ibm -- datapower_gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433. | 2022-08-01 | not yet calculated | CVE-2022-31776
XF
CONFIRM
ibm -- datapower_gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358. | 2022-08-01 | not yet calculated | CVE-2022-31774
CONFIRM
XF
ibm -- datapower_gateway
IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. | 2022-08-01 | not yet calculated | CVE-2022-22326
CONFIRM
CONFIRM
XF
ibm -- powervm_vios
IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956. | 2022-07-29 | not yet calculated | CVE-2022-35643
CONFIRM
XF
ibm -- robotic_process_automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962. | 2022-08-01 | not yet calculated | CVE-2022-34338
XF
CONFIRM
ibm -- robotic_process_automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288. | 2022-08-01 | not yet calculated | CVE-2022-22505
CONFIRM
XF
ibm -- robotic_process_automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978. | 2022-08-01 | not yet calculated | CVE-2022-30616
XF
CONFIRM
ibm -- robotic_process_automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant to which they should not have access. IBM X-Force ID: 219391. | 2022-08-01 | not yet calculated | CVE-2022-22334
CONFIRM
XF
ibm -- robotic_process_automation
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. | 2022-08-01 | not yet calculated | CVE-2022-33169
XF
CONFIRM
ibm -- urbancode_deploy
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360. | 2022-08-01 | not yet calculated | CVE-2022-35716
XF
CONFIRM
image-tiler -- image-tiler
This affects the package image-tiler before 2.0.2. | 2022-08-02 | not yet calculated | CVE-2020-28451
MISC
MISC
imbrn -- v8n
 
NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider` either in versions before `4.10.3` or `3.29.10` are affected. If an attacker could forge a request that sent a comma-separated list of emails (e.g., `attacker@attacker.com,victim@victim.com`) to the sign-in endpoint, NextAuth.js would send emails to both the attacker and the victim's e-mail addresses. The attacker could then log in as a newly created user with the email being `attacker@attacker.com,victim@victim.com`. This means that basic authorization like `email.endsWith("@victim.com")` in the `signIn` callback would fail to communicate a threat to the developer and would let the attacker bypass authorization, even with an `@attacker.com` address. This vulnerability has been patched in `v4.10.3` and `v3.29.10` by normalizing the email value that is sent to the sign-in endpoint before accessing it anywhere else. We also added a `normalizeIdentifier` callback on the `EmailProvider` configuration, where you can further tweak your requirements for what your system considers a valid e-mail address (e.g., strict RFC2821 compliance). Users are advised to upgrade. There are no known workarounds for this vulnerability. If for some reason you cannot upgrade, you can normalize the incoming request using Advanced Initialization. | 2022-08-02 | not yet calculated | CVE-2022-35924
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
imbrn -- v8n
 
v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload of 'a' + 'a'.repeat(i) + 'A' with 32 leading characters took 29443 ms to execute. The same issue happens with uppercase(). Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-02 | not yet calculated | CVE-2022-35923
CONFIRM
MISC
MISC
inavitas -- solar_log
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | 2022-07-29 | not yet calculated | CVE-2022-1277
CONFIRM
inductive_automation -- ignition
 
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup. | 2022-08-05 | not yet calculated | CVE-2022-1704
MISC
interview_management_system -- interview_management_system
 
A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-2685
MISC
MISC
MISC
interview_management_system -- interview_management_system
 
A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667. | 2022-08-05 | not yet calculated | CVE-2022-2679
MISC
MISC
itpison -- omicard_edm
 
OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | 2022-08-04 | not yet calculated | CVE-2022-35216
MISC
itpison -- omnicard_edm
 
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. | 2022-08-04 | not yet calculated | CVE-2022-32965
MISC
itpison -- omnicard_edm
 
OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | 2022-08-04 | not yet calculated | CVE-2022-32963
MISC
itpison -- omnicard_edm
 
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service. | 2022-08-04 | not yet calculated | CVE-2022-32964
MISC
jeecg-boot -- jeecg-boot
 
A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability. | 2022-08-04 | not yet calculated | CVE-2022-2647
MISC
MISC
jetbrains -- rider
 
In JetBrains Rider before 2022.2, the Trust and Open Project dialog could be bypassed, leading to local code execution. | 2022-08-03 | not yet calculated | CVE-2022-37396
MISC
jflyfox -- jfinal_cms
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. | 2022-08-03 | not yet calculated | CVE-2022-34928
MISC
kaspersky -- vpn_secure_connection
 
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker. | 2022-08-05 | not yet calculated | CVE-2022-27535
MISC
keycloak -- keycloak
 
An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. | 2022-08-05 | not yet calculated | CVE-2022-2668
MISC
krakend -- multiple_products
 
Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable. | 2022-08-01 | not yet calculated | CVE-2022-1561
CONFIRM
CONFIRM
kromit -- titra
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. | 2022-08-01 | not yet calculated | CVE-2022-2595
MISC
CONFIRM
kvm -- kvm
 
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. | 2022-08-05 | not yet calculated | CVE-2022-1158
MISC
MISC
landray -- landling_oa
 
Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. | 2022-08-02 | not yet calculated | CVE-2022-34924
MISC
MISC
laravel -- laravel
 
Laravel v5.1 was discovered to contain a remote code execution (RCE) vulnerability via the component ChanceGenerator in __call. | 2022-08-03 | not yet calculated | CVE-2022-34943
MISC
libtiff -- libtiff
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file. | 2022-07-29 | not yet calculated | CVE-2022-34526
MISC
FEDORA
linux -- linux_kernel
 
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem. | 2022-08-05 | not yet calculated | CVE-2022-1012
MISC
linux -- linux_kernel
 
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem. | 2022-08-05 | not yet calculated | CVE-2022-1973
MISC
loan_management_system -- loan_management_system
 
A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619. | 2022-08-05 | not yet calculated | CVE-2022-2667
MISC
MISC
luadec -- luadec
 
Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending. | 2022-08-03 | not yet calculated | CVE-2022-34992
MISC
makedeb -- mprweb
 
mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the `Hide Email Address` checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if your email needs to remain private for any reason. Users hosting their own mprweb instance will need to upgrade to the latest commit to get this fixed. Users on the official instance will already have this issue fixed. | 2022-08-01 | not yet calculated | CVE-2022-31185
MISC
CONFIRM
mango -- mango
 
An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins.2022-08-01not yet calculatedCVE-2022-34567
MISC
MISC
MISC
MISC
mealie -- mealie

A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.2022-08-02not yet calculatedCVE-2022-34619
MISC
MISC
MISC
MISC
MISC
mealie -- mealie

A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field.2022-08-02not yet calculatedCVE-2022-34618
MISC
MISC
MISC
MISC
MISC
mealie -- mealie
 
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.2022-08-02not yet calculatedCVE-2022-34613
MISC
MISC
MISC
MISC
mealie -- mealie
 
Mealie 1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template.2022-08-02not yet calculatedCVE-2022-34625
MISC
MISC
MISC
MISC
MISC
mediatek -- chipsets_in_multiple_products

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088.2022-08-01not yet calculatedCVE-2022-26445
MISC
mediatek -- chipsets_in_multiple_products

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420075; Issue ID: GN20220420075.2022-08-01not yet calculatedCVE-2022-26444
MISC
mediatek -- chipsets_in_multiple_products

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420068; Issue ID: GN20220420068.2022-08-01not yet calculatedCVE-2022-26443
MISC
mediatek -- chipsets_in_multiple_products

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420051; Issue ID: GN20220420051.2022-08-01not yet calculatedCVE-2022-26442
MISC
mediatek -- chipsets_in_multiple_products

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420044; Issue ID: GN20220420044.2022-08-01not yet calculatedCVE-2022-26441
MISC
mediatek -- chipsets_in_multiple_products

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420037; Issue ID: GN20220420037.2022-08-01not yet calculatedCVE-2022-26440
MISC
mediatek -- chipsets_in_multiple_products

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420013; Issue ID: GN20220420013.2022-08-01not yet calculatedCVE-2022-26438
MISC
mediatek -- chipsets_in_multiple_products

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420020; Issue ID: GN20220420020.2022-08-01not yet calculatedCVE-2022-26439
MISC
mediatek -- chipsets_in_multiple_products

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831.2022-08-01not yet calculatedCVE-2022-26437
MISC
michlol-rashim -- michlol-rashim
 
Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to log in. After he logs into the system, there are some functionalities that the specific user is not allowed to perform. However, all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter, and then the attacker can access sensitive data that he is not supposed to access because it belongs to another user.2022-08-05not yet calculatedCVE-2022-34769
MISC
milkytracker -- milkytracker
 
MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file.2022-08-03not yet calculatedCVE-2022-34927
MISC
MISC
monetdb -- monetdb
 
The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13.2022-08-03not yet calculatedCVE-2022-34967
MISC
monorepo-build -- monorepo-build

This affects all versions of package monorepo-build.2022-08-02not yet calculatedCVE-2020-28423
MISC
moodle -- moodle

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.2022-08-05not yet calculatedCVE-2020-1754
MISC
moodle -- moodle

In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.2022-08-05not yet calculatedCVE-2020-1691
MISC
multi_language_hotel_management_software -- multi_language_hotel_management_software
 
A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596.2022-08-04not yet calculatedCVE-2022-2656
MISC
MISC
multi_language_hotel_management_software -- multi_language_hotel_management_software
 
A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205595.2022-08-04not yet calculatedCVE-2022-2648
MISC
MISC
next.js -- nextauth.js
 
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can use the `logger` configuration option by sanitizing the logs.2022-08-01not yet calculatedCVE-2022-31186
MISC
MISC
CONFIRM
MISC
nextcloud -- mail
 
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is recommended that Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration.2022-08-04not yet calculatedCVE-2022-31119
CONFIRM
MISC
MISC
nextcloud -- mail
 
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommended to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`.2022-08-04not yet calculatedCVE-2022-31132
CONFIRM
nextcloud -- server
 
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`.2022-08-04not yet calculatedCVE-2022-31118
CONFIRM
MISC
nextcloud -- server
 
Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available.2022-08-04not yet calculatedCVE-2022-31120
CONFIRM
MISC
MISC
nhi_card -- nhi_card
 
The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.2022-08-02not yet calculatedCVE-2022-35218
MISC
nhi_card -- nhi_card
 
The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.2022-08-02not yet calculatedCVE-2022-35219
MISC
nhi_card -- nhi_card
 
The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.2022-08-02not yet calculatedCVE-2022-35217
MISC
nlnet_labs -- unbound
 
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.2022-08-01not yet calculatedCVE-2022-30699
CONFIRM
nlnet_labs -- unbound
 
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain for which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.2022-08-01not yet calculatedCVE-2022-30698
CONFIRM
node-fetch -- node-fetch

Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10.2022-08-01not yet calculatedCVE-2022-2596
MISC
CONFIRM
node-latex-pdf -- node-latex-pdf
 
This affects all versions of package node-latex-pdf.2022-08-02not yet calculatedCVE-2020-28433
MISC
npos-tesseract -- npos-tesseract

This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.2022-08-02not yet calculatedCVE-2020-28453
MISC
nvidia -- vgpu_software
 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure.2022-08-05not yet calculatedCVE-2022-31614
MISC
nvidia -- vgpu_software
 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service.2022-08-05not yet calculatedCVE-2022-31618
MISC
nvidia -- vgpu_software
 
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.2022-08-05not yet calculatedCVE-2022-31609
MISC
online_admission_system -- online_admission_system
 
A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability.2022-08-04not yet calculatedCVE-2022-2644
MISC
MISC
online_admission_system -- online_admission_system
 
A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input 8</h3><script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205572.2022-08-04not yet calculatedCVE-2022-2646
MISC
MISC
online_admission_system -- online_admission_system
 
A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this entry is VDB-205564.2022-08-04not yet calculatedCVE-2022-2643
MISC
MISC
online_student_admission_system -- online_student_admission_system
 
A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability.2022-08-05not yet calculatedCVE-2022-2681
MISC
MISC
online_tours_and_travels_management_system -- online_tours_and_travels_management_system

Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php.2022-08-02not yet calculatedCVE-2022-35421
MISC
openstack -- nova
 
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.2022-08-03not yet calculatedCVE-2022-37394
MISC
MISC
MISC
openzeppelin -- contracts
 
OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.2022-08-01not yet calculatedCVE-2022-35916
MISC
CONFIRM
openzeppelin -- contracts
 
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.2022-08-01not yet calculatedCVE-2022-35915
MISC
CONFIRM
openzeppelin -- contracts
 
OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirements, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement. Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue. This issue has been patched in v4.7.2. Users are advised to upgrade. Users unable to upgrade should consider avoiding lowering quorum requirements if a past proposal was defeated for lack of quorum.2022-08-01not yet calculatedCVE-2022-31198
MISC
CONFIRM
oretnom23 -- fast_food_ordering_system
 
A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205725 was assigned to this vulnerability.2022-08-06not yet calculatedCVE-2022-2686
MISC
MISC
percona -- percona_server_for_mysql
 
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.2022-08-03not yet calculatedCVE-2022-34968
MISC
pgjdbc -- pgjdbc
 
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User applications that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name whose column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.2022-08-03not yet calculatedCVE-2022-31197
MISC
CONFIRM
pharmacy_management_system -- pharmacy_management_system

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php.2022-08-02not yet calculatedCVE-2022-34953
MISC
pharmacy_management_system -- pharmacy_management_system

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php.2022-08-02not yet calculatedCVE-2022-34952
MISC
pharmacy_management_system -- pharmacy_management_system

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php.2022-08-02not yet calculatedCVE-2022-34951
MISC
pharmacy_management_system -- pharmacy_management_system

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php.2022-08-02not yet calculatedCVE-2022-34950
MISC
pharmacy_management_system -- pharmacy_management_system

Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php.2022-08-02not yet calculatedCVE-2022-34949
MISC
pharmacy_management_system -- pharmacy_management_system

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php.2022-08-02not yet calculatedCVE-2022-34954
MISC
pharmacy_management_system -- pharmacy_management_system

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php.2022-08-02not yet calculatedCVE-2022-34948
MISC
pharmacy_management_system -- pharmacy_management_system

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php.2022-08-02not yet calculatedCVE-2022-34947
MISC
pharmacy_management_system -- pharmacy_management_system

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php.2022-08-02not yet calculatedCVE-2022-34946
MISC
pharmacy_management_system -- pharmacy_management_system

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php.2022-08-02not yet calculatedCVE-2022-34945
MISC
pingcap -- pingcap_tidb
 
PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference.2022-08-03not yet calculatedCVE-2022-34969
MISC
plankanban -- planka
 
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.2022-08-04not yet calculatedCVE-2022-2653
MISC
CONFIRM
pligg -- pligg_cms

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php.2022-08-02not yet calculatedCVE-2022-34955
MISC
pligg -- pligg_cms

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php.2022-08-02not yet calculatedCVE-2022-34956
MISC
prestashop -- prestashop
 
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.2022-08-01not yet calculatedCVE-2022-31181
MISC
MISC
CONFIRM
private_cloud_management_platform -- private_cloud_management_platform
 
A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability.2022-08-05not yet calculatedCVE-2022-2664
MISC
progress -- ws-ftp_server
 
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to execute code within the context of the victim's browser.2022-08-02not yet calculatedCVE-2022-36967
MISC
MISC
progress -- ws-ftp_server
 
In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.2022-08-02not yet calculatedCVE-2022-36968
MISC
MISC
pyrocms -- pyrocms

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.2022-08-01not yet calculatedCVE-2022-35118
MISC
MISC
quest -- kace_systems_management_appliance
 
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.2022-08-02not yet calculatedCVE-2022-29808
MISC
MISC
quest -- kace_systems_management_appliance
 
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.2022-08-02not yet calculatedCVE-2022-29807
MISC
MISC
quest -- kace_systems_management_appliance
 
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.2022-08-02not yet calculatedCVE-2022-30285
MISC
MISC
rapid7 -- velociraptor

A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2.2022-07-29not yet calculatedCVE-2022-35630
CONFIRM
rapid7 -- velociraptor

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2.2022-07-29not yet calculatedCVE-2022-35631
CONFIRM
rapid7 -- velociraptor

The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2.2022-07-29not yet calculatedCVE-2022-35632
CONFIRM
rapid7 -- velociraptor

Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.2022-07-29not yet calculatedCVE-2022-35629
CONFIRM
realtek -- e-cos_rsdk
 
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.2022-08-01not yet calculatedCVE-2022-27255
MISC
MISC
renato -- renato
 
Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability.2022-08-04not yet calculatedCVE-2022-35144
MISC
MISC
MISC
MISC
renato -- renato
 
Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.2022-08-04not yet calculatedCVE-2022-35143
MISC
MISC
MISC
MISC
renato -- renato
 
An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter.2022-08-04not yet calculatedCVE-2022-35142
MISC
MISC
MISC
MISC
rigatur -- online_booking_and_hotel_management_system
 
A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability.2022-08-05not yet calculatedCVE-2022-2673
MISC
rsync -- rsync
 
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).2022-08-02not yet calculatedCVE-2022-29154
MLIST
MISC
s3-kilatstorage -- s3-kilatstorage

This affects all versions of package s3-kilatstorage.2022-08-02not yet calculatedCVE-2020-28424
MISC
samsung -- cameralyzer
 
Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege.2022-08-05not yet calculatedCVE-2022-36832
MISC
samsung -- charm
 
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.2022-08-05not yet calculatedCVE-2022-36830
MISC
samsung -- charm
 
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.2022-08-05not yet calculatedCVE-2022-33734
MISC
samsung -- charm
 
Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission.2022-08-05not yet calculatedCVE-2022-36836
MISC
samsung -- charm
 
PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.2022-08-05not yet calculatedCVE-2022-36829
MISC
samsung -- charm
 
Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.2022-08-05not yet calculatedCVE-2022-33733
MISC
samsung -- checkout
 
SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.2022-08-05not yet calculatedCVE-2022-36839
MISC
samsung -- galaxy_wearable
 
Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information.2022-08-05not yet calculatedCVE-2022-36838
MISC
samsung -- game_launcher
 
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction.2022-08-05not yet calculatedCVE-2022-36834
MISC
samsung -- game_optimizing_service
 
Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name.2022-08-05not yet calculatedCVE-2022-36833
MISC
samsung -- internet_browser
 
Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.2022-08-05not yet calculatedCVE-2022-36835
MISC
samsung -- internet_browser
 
Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information.2022-08-05not yet calculatedCVE-2022-36837
MISC
samsung -- mtower
 
The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.2022-08-04not yet calculatedCVE-2022-35858
MISC
MISC
samsung -- multiple_products
 
Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.2022-08-05not yet calculatedCVE-2022-33724
MISC
samsung -- multiple_products
 
Improper restriction of broadcasting Intent in ConfirmConnectActivity of NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.2022-08-05not yet calculatedCVE-2022-33729
MISC
samsung -- multiple_products
 
Vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack.2022-08-05not yet calculatedCVE-2022-33727
MISC
samsung -- multiple_products
 
Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.2022-08-05not yet calculatedCVE-2022-33730
MISC
samsung -- multiple_products
 
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.2022-08-05not yet calculatedCVE-2022-33731
MISC
samsung -- multiple_products
 
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.2022-08-05not yet calculatedCVE-2022-33732
MISC
samsung -- multiple_products
 
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.2022-08-05not yet calculatedCVE-2022-33726
MISC
samsung -- multiple_products
 
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.2022-08-05not yet calculatedCVE-2022-33720
MISC
samsung -- multiple_products
 
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.2022-08-05not yet calculatedCVE-2022-33725
MISC
samsung -- multiple_products
 
Vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack.2022-08-05not yet calculatedCVE-2022-33723
MISC
samsung -- multiple_products
 
Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.2022-08-05not yet calculatedCVE-2022-33719
MISC
samsung -- multiple_products
 
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Global.2022-08-05not yet calculatedCVE-2022-33728
MISC
samsung -- multiple_products
 
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.2022-08-05not yet calculatedCVE-2022-33718
MISC
samsung -- multiple_products
 
A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.2022-08-05not yet calculatedCVE-2022-33717
MISC
samsung -- multiple_products
 
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.2022-08-05not yet calculatedCVE-2022-33716
MISC
samsung -- multiple_products
 
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.2022-08-05not yet calculatedCVE-2022-33722
MISC
samsung -- multiple_products
 
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.2022-08-05not yet calculatedCVE-2022-33721
MISC
samsung -- multiple_products
 
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.2022-08-05not yet calculatedCVE-2022-33714
MISC
samsung -- multiple_products
 
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.2022-08-05not yet calculatedCVE-2022-33715
MISC
samsung -- notes
 
Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission.2022-08-05not yet calculatedCVE-2022-36831
MISC
samsung -- update_setup
 
DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.2022-08-05not yet calculatedCVE-2022-36840
MISC
sanic -- sanic
 
Sanic is an open source Python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.2022-08-01not yet calculatedCVE-2022-35920
MISC
CONFIRM
MISC
sante -- dicom_viewer_pro
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16679.2022-08-03not yet calculatedCVE-2022-28668
MISC
sante -- pacs_server
 
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331.2022-08-03not yet calculatedCVE-2022-2272
MISC
scala -- fs2
 
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent. 2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API. 3. mTLS as enabled via `requestCert = true` in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s. It was introduced with the initial Node.js implementation of fs2-io in 3.1.0. A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised. If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection.2022-08-01not yet calculatedCVE-2022-31183
CONFIRM
MISC
MISC
shescape -- shescape
 
Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on Windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows. An attacker can omit all arguments following their input by including a line feed character (`'\n'`) in the payload. This bug has been patched in [v1.5.8] which you can upgrade to now. No further changes are required. Alternatively, line feed characters (`'\n'`) can be stripped out manually or the user input can be made the last argument (this only limits the impact).2022-08-01not yet calculatedCVE-2022-31179
MISC
CONFIRM
MISC
shescape -- shescape
 
Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the `escape` or `escapeAll` functions with the `interpolation` option set to `true`. The result is that if an attacker is able to include whitespace in their input they can: 1. Invoke shell-specific behaviour through shell-specific special characters inserted directly after whitespace. 2. Invoke shell-specific behaviour through shell-specific special characters inserted or appearing after line terminating characters. 3. Invoke arbitrary commands by inserting a line feed character. 4. Invoke arbitrary commands by inserting a carriage return character. Behaviour number 1 has been patched in [v1.5.7] which you can upgrade to now. No further changes are required. Behaviour number 2, 3, and 4 have been patched in [v1.5.8] which you can upgrade to now. No further changes are required. The best workaround is to avoid having to use the `interpolation: true` option - in most cases using an alternative is possible, see [the recipes](https://github.com/ericcornelissen/shescape#recipes) for recommendations. Alternatively, users may strip all whitespace from user input. Note that this is error prone, for example: for PowerShell this requires stripping `'\u0085'` which is not included in JavaScript's definition of `\s` for Regular Expressions.2022-08-01not yet calculatedCVE-2022-31180
MISC
MISC
MISC
MISC
CONFIRM
shopware -- shopware
 
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommended to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.2022-08-01not yet calculatedCVE-2022-31148
CONFIRM
MISC
MISC
sigstore -- cosign
 
cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to "custom"). This can happen when signing with a standard keypair and with "keyless" signing with Fulcio. This vulnerability can be reproduced with the `distroless.dev/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2` image. This image has a `vuln` attestation but not an `spdx` attestation. However, if you run `cosign verify-attestation --type=spdx` on this image, it incorrectly succeeds. This issue has been addressed in version 1.10.1 of cosign. Users are advised to upgrade. There are no known workarounds for this issue.2022-08-04not yet calculatedCVE-2022-35929
MISC
CONFIRM
sigstore -- policycontroller
 
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to "custom"). An example image that can be used to test this is `ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2`. Users should upgrade to version 0.2.1 to resolve this issue. There are no workarounds for users unable to upgrade.2022-08-04not yet calculatedCVE-2022-35930
MISC
CONFIRM
MISC
simple_e-learning_system  -- simple_e-learning_system
 
A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of the argument post_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205615.2022-08-05not yet calculatedCVE-2022-2665
MISC
simple_food_ordereing_system -- simple_food_ordereing_system
 
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input "><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671.2022-08-05not yet calculatedCVE-2022-2683
MISC
MISC
solana-labs -- pay
 
Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue.2022-08-01not yet calculatedCVE-2022-35917
MISC
MISC
CONFIRM
MISC
sonicwall -- email_security
 
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions.2022-07-29not yet calculatedCVE-2022-2324
CONFIRM
sonicwall -- multiple_products
 
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.2022-07-29not yet calculatedCVE-2022-22280
CONFIRM
sonicwall -- switch
 
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions.2022-07-29not yet calculatedCVE-2022-2323
CONFIRM
sourcegraph -- sourcegraph
 
Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able to read contents of existing code monitors, only override the data. The issue is fixed in Sourcegraph 3.42. There is no workaround for the issue and patching is highly recommended.2022-08-01not yet calculatedCVE-2022-31154
CONFIRM
MISC
sourcegraph -- sourcegraph
 
Sourcegraph is an open source code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended.2022-08-01not yet calculatedCVE-2022-31155
MISC
CONFIRM
sqlite -- sqlite
 
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.2022-08-03not yet calculatedCVE-2022-35737
MISC
MISC
streamlit -- streamlit
 
Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.2022-08-01not yet calculatedCVE-2022-35918
CONFIRM
MISC
supersmart.me -- supersmart.me
 
Supersmart.me - Walk Through: performing unauthorized actions on other customers. Supersmart.me has a product designed for smart shopping in stores. The customer receives a coder (or uses an Android application) to scan the QR code on the cart at the beginning of the purchase, and then all the products he wants to purchase. At the end of the purchase the customer can pay independently. During the research it was discovered that it is possible to reset another customer's cart without verification, because the number of purchases is serial.2022-08-05not yet calculatedCVE-2022-34768
MISC
synology -- calendar
 
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.2022-08-03not yet calculatedCVE-2022-27617
CONFIRM
synology -- diskstation_manager
 
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.2022-08-03not yet calculatedCVE-2022-27616
CONFIRM
synology -- note_station_client
 
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.2022-08-03not yet calculatedCVE-2022-27619
CONFIRM
synology -- sso_server
 
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.2022-08-03not yet calculatedCVE-2022-27620
CONFIRM
synology -- storage_analyzer
 
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.2022-08-03not yet calculatedCVE-2022-27618
CONFIRM
synology -- usb_copy
 
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors.2022-08-03not yet calculatedCVE-2022-27621
CONFIRM
tcl -- linkhub_mesh_wifi
 
An OS command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-22140
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the miniupnpd binary.2022-08-05not yet calculatedCVE-2022-24017
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the multiWAN binary.2022-08-05not yet calculatedCVE-2022-24018
MISC
tcl -- linkhub_mesh_wifi
 
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-22144
MISC
tcl -- linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-23103
MISC
tcl -- linkhub_mesh_wifi
 
A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-27660
MISC
tcl -- linkhub_mesh_wifi
 
An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-27633
MISC
tcl -- linkhub_mesh_wifi
 
An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-27630
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the ap_steer binary.2022-08-05not yet calculatedCVE-2022-24005
MISC
tcl -- linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability leverages the ethAddr field within the protobuf message to cause a buffer overflow.2022-08-05not yet calculatedCVE-2022-23918
MISC
tcl -- linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability leverages the name field within the protobuf message to cause a buffer overflow.2022-08-05not yet calculatedCVE-2022-23919
MISC
tcl -- linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-23399
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the arpbrocast binary.2022-08-05not yet calculatedCVE-2022-24006
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the cfm binary.2022-08-05not yet calculatedCVE-2022-24007
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the confcli binary.2022-08-05not yet calculatedCVE-2022-24008
MISC
tcl -- linkhub_mesh_wifi
 
An OS command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-21178
MISC
tcl -- linkhub_mesh_wifi
 
A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-27178
MISC
tcl -- linkhub_mesh_wifi
 
A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-27185
MISC
tcl -- linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-21201
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the confsrv binary.2022-08-05not yet calculatedCVE-2022-24009
MISC
tcl -- linkhub_mesh_wifi
 
A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-26346
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the netctrl binary.2022-08-05not yet calculatedCVE-2022-24019
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the pannn binary.2022-08-05not yet calculatedCVE-2022-24022
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the libcommonprod.so binary.2022-08-05not yet calculatedCVE-2022-24028
MISC
tcl -- linkhub_mesh_wifi
 
A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.2022-08-05not yet calculatedCVE-2022-26009
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the fota binary.2022-08-05not yet calculatedCVE-2022-24012
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the gpio_ctrl binary.2022-08-05not yet calculatedCVE-2022-24013
MISC
tcl -- linkhub_mesh_wifi
 
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the logserver binary.2022-08-05not yet calculatedCVE-2022-24014
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the log_upload binary.
2022-08-05 | not yet calculated | CVE-2022-24015
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the rp-pppoe.so binary.
2022-08-05 | not yet calculated | CVE-2022-24029
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the mesh_status_check binary.
2022-08-05 | not yet calculated | CVE-2022-24016
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the libcommon.so binary.
2022-08-05 | not yet calculated | CVE-2022-24027
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the pppd binary.
2022-08-05 | not yet calculated | CVE-2022-24023
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the network_check binary.
2022-08-05 | not yet calculated | CVE-2022-24020
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the online_process binary.
2022-08-05 | not yet calculated | CVE-2022-24021
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the cwmpd binary.
2022-08-05 | not yet calculated | CVE-2022-24010
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the telnet_ate_monitor binary.
2022-08-05 | not yet calculated | CVE-2022-24026
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the sntp binary.
2022-08-05 | not yet calculated | CVE-2022-24025
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the rtk_ate binary.
2022-08-05 | not yet calculated | CVE-2022-24024
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the device_list binary.
2022-08-05 | not yet calculated | CVE-2022-24011
MISC
tcl -- linkhub_mesh_wifi
A buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
2022-08-05 | not yet calculated | CVE-2022-26342
MISC
tcl -- linkhub_mesh_wifi
A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
2022-08-05 | not yet calculated | CVE-2022-25996
MISC
teamplus_technology -- teamplus_pro
Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application.
2022-08-02 | not yet calculated | CVE-2022-35220
MISC
teamplus_technology -- teamplus_pro
Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on the thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupting partial service.
2022-08-02 | not yet calculated | CVE-2022-35221
MISC
tem -- flex-1085
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2022-08-01 | not yet calculated | CVE-2022-2591
MISC
tencent -- tscancode
A vulnerability in the Lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted Lua script.
2022-08-03 | not yet calculated | CVE-2022-35158
MISC
thoughtbot -- administrate
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth authorization code.
2022-08-05 | not yet calculated | CVE-2016-3098
MISC
tibco -- iway_service_manager
The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below.
2022-08-02 | not yet calculated | CVE-2022-30572
CONFIRM
CONFIRM
tibco -- iway_service_manager
The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below.
2022-08-02 | not yet calculated | CVE-2022-30571
CONFIRM
CONFIRM
tooljet -- tooljet
Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.
2022-08-02 | not yet calculated | CVE-2022-2631
MISC
CONFIRM
totolink -- totolink_a3600r_firmware
Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard-coded password for root in /etc/shadow.sample.
2022-08-04 | not yet calculated | CVE-2022-34993
MISC
MISC
trend_micro -- apex_one_and_worry-free_business_security
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
2022-07-30 | not yet calculated | CVE-2022-36336
MISC
MISC
trend_micro -- security
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine.
2022-07-30 | not yet calculated | CVE-2022-35234
MISC
MISC
trend_micro -- vpn_proxy_one_pro
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.
2022-07-30 | not yet calculated | CVE-2022-33158
MISC
MISC
triplecross -- triplecross
TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters.
2022-08-03 | not yet calculated | CVE-2022-35506
MISC
triplecross -- triplecross
A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command.
2022-08-03 | not yet calculated | CVE-2022-35505
MISC
umlaeute -- v4l2loopback
Depending on the way the format strings in the card label are crafted, it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).
2022-08-04 | not yet calculated | CVE-2022-2652
CONFIRM
MISC
undertow -- undertow
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in a front-end proxy marking the backend worker (application server) as being in an error state and not forwarding requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10-second intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responds "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, luckily, mod_proxy_balancer has a "forcerecovery" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state). So, unlike mod_cluster, mod_proxy_balancer does not result in responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.
2022-08-05 | not yet calculated | CVE-2022-2053
MISC
MISC
unitree -- go_1_robotics_platform
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.
2022-08-05 | not yet calculated | CVE-2022-2675
MISC
MISC
MISC
uniwill -- sparkio.sys_driver
The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008.
2022-08-05 | not yet calculated | CVE-2022-37415
MISC
vim -- vim
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
2022-08-01 | not yet calculated | CVE-2022-2571
MISC
CONFIRM
vim -- vim
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
2022-08-01 | not yet calculated | CVE-2022-2580
CONFIRM
MISC
vim -- vim
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
2022-08-01 | not yet calculated | CVE-2022-2581
CONFIRM
MISC
vim -- vim
Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100.
2022-08-01 | not yet calculated | CVE-2022-2598
MISC
CONFIRM
vinchin -- backup_and_recovery
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.
2022-08-03 | not yet calculated | CVE-2022-35866
MISC
vmware -- multiple_products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
2022-08-05 | not yet calculated | CVE-2022-31656
MISC
vmware -- multiple_products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
2022-08-05 | not yet calculated | CVE-2022-31660
MISC
vmware -- multiple_products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
2022-08-05 | not yet calculated | CVE-2022-31664
MISC
vmware -- multiple_products
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.
2022-08-05 | not yet calculated | CVE-2022-31662
MISC
vmware -- multiple_products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user's window.
2022-08-05 | not yet calculated | CVE-2022-31663
MISC
vmware -- multiple_products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
2022-08-05 | not yet calculated | CVE-2022-31661
MISC
vmware -- multiple_products
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
2022-08-05 | not yet calculated | CVE-2022-31659
MISC
vmware -- multiple_products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
2022-08-05 | not yet calculated | CVE-2022-31658
MISC
vmware -- multiple_products
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.
2022-08-05 | not yet calculated | CVE-2022-31657
MISC
vmware -- multiple_products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.
2022-08-05 | not yet calculated | CVE-2022-31665
MISC
web_based_quiz_system -- web_based_quiz_system
Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php.
2022-08-02 | not yet calculated | CVE-2022-35422
MISC
websockets-rs -- rust-websocket
Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When `Vec::with_capacity` fails to allocate, the default Rust allocator will abort the current process, killing all threads. This affects only the sync (non-Tokio) implementation. The async version also does not limit memory, but does not use `with_capacity`, so DoS can happen only when bytes for an oversized dataframe or message actually get delivered by the attacker. The crashes are fixed in version 0.26.5 by imposing default dataframe size limits. Affected users are advised to update to this version. Users unable to upgrade are advised to filter websocket traffic externally or to only accept trusted traffic.
2022-08-01 | not yet calculated | CVE-2022-35922
MISC
CONFIRM
wedding_hall_booking_system -- wedding_hall_booking_system
A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205814 is the identifier assigned to this vulnerability.
2022-08-06 | not yet calculated | CVE-2022-2691
MISC
MISC
wedding_hall_booking_system -- wedding_hall_booking_system
A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205812.
2022-08-06 | not yet calculated | CVE-2022-2689
MISC
MISC
wedding_hall_booking_system -- wedding_hall_booking_system
A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file /whbs/?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205813 was assigned to this vulnerability.
2022-08-06 | not yet calculated | CVE-2022-2690
MISC
MISC
wedding_hall_booking_system -- wedding_hall_booking_system
A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205815.
2022-08-06 | not yet calculated | CVE-2022-2692
MISC
MISC
western_digital -- sweet_b
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.
2022-07-29 | not yet calculated | CVE-2022-23004
MISC
western_digital -- sweet_b
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.
2022-07-29 | not yet calculated | CVE-2022-23003
MISC
western_digital -- sweet_b
When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.
2022-07-29 | not yet calculated | CVE-2022-23002
MISC
western_digital -- sweet_b
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.
2022-07-29 | not yet calculated | CVE-2022-23001
MISC
wordpress -- wordpress
The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled.
2022-08-01 | not yet calculated | CVE-2022-1906
MISC
wordpress -- wordpress
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
2022-08-01 | not yet calculated | CVE-2022-36343
CONFIRM
CONFIRM
wordpress -- wordpress
The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to a Stored XSS issue which will be triggered in the frontend as well.
2022-08-01 | not yet calculated | CVE-2022-2171
MISC
wordpress -- wordpress
The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.
2022-08-01 | not yet calculated | CVE-2022-2170
MISC
wordpress -- wordpress
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.
2022-08-01 | not yet calculated | CVE-2022-1950
MISC
wordpress -- wordpress
The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting.
2022-08-01 | not yet calculated | CVE-2022-2181
MISC
wordpress -- wordpress
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.
2022-08-01 | not yet calculated | CVE-2022-1600
MISC
wordpress -- wordpress
The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack, to run arbitrary code on the server.
2022-08-01 | not yet calculated | CVE-2022-2184
MISC
wordpress -- wordpress
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.
2022-08-01 | not yet calculated | CVE-2022-1585
MISC
wordpress -- wordpress
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress.
2022-07-29 | not yet calculated | CVE-2022-36378
CONFIRM
CONFIRM
wordpress -- wordpress
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.
2022-08-05 | not yet calculated | CVE-2022-33201
CONFIRM
CONFIRM
wordpress -- wordpress
The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup).
2022-08-01 | not yet calculated | CVE-2022-2215
MISC
wordpress -- wordpress
The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.
2022-08-01 | not yet calculated | CVE-2022-2273
MISC
wordpress -- wordpress
The Login with phone number WordPress plugin through 1.3.7 does not sanitise and escape plugin settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
2022-08-01 | not yet calculated | CVE-2022-0598
MISC
wordpress -- wordpress
The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup).
2022-08-01 | not yet calculated | CVE-2022-2325
MISC
wordpress -- wordpress
The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues.
2022-08-01 | not yet calculated | CVE-2022-2241
MISC
wordpress -- wordpress
The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup).
2022-08-01 | not yet calculated | CVE-2022-2278
MISC
wordpress -- wordpress
Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews.
2022-08-05 | not yet calculated | CVE-2021-36861
CONFIRM
CONFIRM
wordpress -- wordpress
Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
2022-08-01 | not yet calculated | CVE-2022-34154
CONFIRM
CONFIRM
wordpress -- wordpress
The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup).
2022-08-01 | not yet calculated | CVE-2022-2305
MISC
wordpress -- wordpress
The Simple Membership WordPress plugin before 4.1.3 allows users to change their membership at the registration stage due to insufficient checking of a user-supplied parameter.
2022-08-01 | not yet calculated | CVE-2022-2317
MISC
wordpress -- wordpress
The Counter Box WordPress plugin before 1.2.1 is lacking a CSRF check when activating and deactivating counters, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks.
2022-08-01 | not yet calculated | CVE-2022-2245
MISC
wordpress -- wordpress
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
2022-08-01 | not yet calculated | CVE-2022-2328
MISC
wordpress -- wordpress
The GiveWP WordPress plugin before 2.21.3 does not have a CSRF check in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged-in admin DoS the web server via a CSRF attack, as the plugin will try to retrieve data from the database many times, which overwhelms the target's CPU.
2022-08-01 | not yet calculated | CVE-2022-2260
MISC
wordpress -- wordpress
The YaySMTP WordPress plugin before 2.2.1 does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the logs of the plugin.
2022-08-01 | not yet calculated | CVE-2022-2369
MISC
wordpress -- wordpress
The YaySMTP WordPress plugin before 2.2.1 does not have a capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated user, such as a subscriber, to retrieve them.
2022-08-01 | not yet calculated | CVE-2022-2370
MISC
wordpress -- wordpress
The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
2022-08-01 | not yet calculated | CVE-2022-1324
MISC
wordpress -- wordpress
 
Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress.2022-08-05not yet calculatedCVE-2022-25649
CONFIRM
CONFIRM
wordpress -- wordpress | Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. At least the free WooCommerce PayPal Payments plugin must be installed for the extra input field to appear on the user profile page. | 2022-08-05 | not yet calculated | CVE-2022-36284 CONFIRM CONFIRM
wordpress -- wordpress | The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators. | 2022-07-30 | not yet calculated | CVE-2022-33994 MISC
wordpress -- wordpress | Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete. | 2022-08-05 | not yet calculated | CVE-2022-36296 CONFIRM CONFIRM
xhyve -- xhyve | This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056. | 2022-08-03 | not yet calculated | CVE-2022-35867 MISC
yuba -- u5cms | Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. | 2022-08-03 | not yet calculated | CVE-2022-34937 MISC
zlib -- zlib | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | 2022-08-05 | not yet calculated | CVE-2022-37434 MISC MISC MISC MISC MLIST
