What is CVE-2022-44228?

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance with their CVSSv3 base scores:

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CVE Number | Description | Base Score | Reference
CVE-2020-7352 The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with an embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7352
CVE-2020-13584 An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13584
CVE-2020-35135 The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35135
CVE-2021-21017 Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21017
CVE-2021-1309 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1309
CVE-2020-13566 SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin edit_group.php, when the parameter action is “Delete”, the parameter delete_group leads to a SQL injection. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13566
CVE-2020-13568 SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin edit_group.php, when the parameter action is “Submit”, the parameter parent_id leads to a SQL injection. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13568
CVE-2020-7034 A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7034
CVE-2021-1284 A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able to access an associated Cisco SD-WAN vEdge device. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based messaging service interface of an affected system. A successful exploit could allow the attacker to gain unauthenticated read and write access to the affected vManage system. With this access, the attacker could access information about the affected vManage system, modify the configuration of the system, or make configuration changes to devices that are managed by the system. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1284
CVE-2021-1505 Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1505
CVE-2021-32620 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration could re-activate themself by using the activation link provided for their registration. The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. It is possible to work around the issue by resetting the `validkey` property of the disabled XWiki users. This can be done by editing the user profile with object editor. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32620
CVE-2021-1574 Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1574
CVE-2021-1576 Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1576
CVE-2021-41263 rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails’ signed encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different ‘sites’ within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed encrypted cookies. The impact of this invalidation will vary based on the application architecture. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41263
CVE-2021-3725 Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3725
CVE-2021-42124 An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform a session takeover. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42124
CVE-2021-42126 An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42126
CVE-2021-24750 The WP Visitor Statistics Real Time Traffic WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-24750
CVE-2021-43858 MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23-18Z` changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit `Deny` rule to disable the API for users. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43858
CVE-2021-32649 October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with “create, modify and delete website pages” privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32649
CVE-2021-32650 October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32650
CVE-2022-0323 Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0323
CVE-2021-3967 Improper Access Control in GitHub repository zulip/zulip prior to 4.10. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3967
CVE-2022-0410 The WP Visitor Statistics Real Time Traffic WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0410
CVE-2022-24715 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24715
CVE-2022-28506 There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB in gif2rgb.c:298:45. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28506
CVE-2021-43939 Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43939
CVE-2022-28572 Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in the `SetIPv6Status` function. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28572
CVE-2022-28799 The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28799
CVE-2022-22476 IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22476
CVE-2022-31144 Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31144
CVE-2022-26137 A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26137
CVE-2022-1042 In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1042
CVE-2022-34549 Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34549
CVE-2022-36882 A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36882
CVE-2022-36889 Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36889
CVE-2022-36920 A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36920
CVE-2022-1855 Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1855
CVE-2022-1856 Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1856
CVE-2022-1857 Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1857
CVE-2022-1859 Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1859
CVE-2022-1860 Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1860
CVE-2022-1861 Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1861
CVE-2022-1866 Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1866
CVE-2022-1874 Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1874
CVE-2022-1876 Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1876
CVE-2022-1919 Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1919
CVE-2022-2007 Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2007
CVE-2022-2008 Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2008
CVE-2022-2158 Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2158
CVE-2022-2161 Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2161
CVE-2022-2162 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2162
CVE-2022-2415 Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2415
CVE-2022-36988 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36988
CVE-2022-36989 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36989
CVE-2022-36992 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions). 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36992
CVE-2022-36993 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36993
CVE-2022-36997 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36997
CVE-2022-2163 Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2163
CVE-2022-2294 Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2294
CVE-2022-2295 Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2295
CVE-2022-2296 Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2296
CVE-2022-2477 Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2477
CVE-2022-2481 Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2481
CVE-2022-22684 Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22684
CVE-2022-27613 Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27613
CVE-2022-36364 Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; 2) and there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36364
CVE-2022-29558 Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29558
CVE-2022-34557 Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at pages permit permit.php. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34557
CVE-2022-2577 A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file edituser.php. The manipulation of the argument id with the input leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2577
CVE-2022-27864 A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27864
CVE-2022-2323 Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2323
CVE-2022-34527 D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34527
CVE-2022-34528 D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34528
CVE-2022-31776 IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31776
CVE-2022-26309 Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation User operation resulting in elevation of privilege to Administrator group. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26309
CVE-2022-26310 Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26310
CVE-2022-2184 The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2184
CVE-2022-2245 The Counter Box WordPress plugin before 1.2.1 is lacking a CSRF check when activating and deactivating counters, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2245
CVE-2022-2273 The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted request. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2273
CVE-2022-34154 Authenticated author or higher user role Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP ICO Upload plugin = 1.0.1 at WordPress. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34154
CVE-2022-34567 An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34567
CVE-2022-34161 IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34161
CVE-2022-2631 Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2631
CVE-2022-34928 JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via system user. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34928
CVE-2022-34937 Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34937
CVE-2022-36359 An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36359
CVE-2022-2636 Improper Input Validation in GitHub repository hestiacp/hestiacp prior to 1.6.6. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2636
CVE-2022-25649 Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin = 4.7.0 at WordPress. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25649
CVE-2022-33201 Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33201
CVE-2022-21201 A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21201
CVE-2022-24023 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the pppd binary. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24023
CVE-2022-34691 Active Directory Domain Services Elevation of Privilege Vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34691
CVE-2022-34717 Microsoft Office Remote Code Execution Vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34717
CVE-2022-35777 Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35825, CVE-2022-35826, CVE-2022-35827. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35777
CVE-2022-35804 SMB Client and Server Remote Code Execution Vulnerability. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35804
CVE-2022-35825 Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35777, CVE-2022-35826, CVE-2022-35827. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35825
CVE-2022-35826 Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35777, CVE-2022-35825, CVE-2022-35827. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35826
CVE-2022-35827 Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35777, CVE-2022-35825, CVE-2022-35826. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35827
CVE-2021-1274 Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-1274
CVE-2021-1279 Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-1279
CVE-2021-1402 A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-1402
CVE-2021-39184 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request an image of an arbitrary file on the user’s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one’s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2021-39184
CVE-2020-6998 The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products. 8.6 https://nvd.nist.gov/vuln/detail/CVE-2020-6998
CVE-2022-36955 In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1. 8.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36955
CVE-2022-35761 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34707, CVE-2022-35768. 8.4 https://nvd.nist.gov/vuln/detail/CVE-2022-35761
CVE-2022-33636 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. 8.3 https://nvd.nist.gov/vuln/detail/CVE-2022-33636
CVE-2020-17437 An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2020-17437
CVE-2021-39341 The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can be used to inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2021-39341
CVE-2022-36899 Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-36899
CVE-2022-36900 Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-36900
CVE-2021-21013 Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user’s account. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21013
CVE-2021-21772 A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-21772
CVE-2021-20235 There’s a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its size changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20235
CVE-2020-27009 A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-27009
CVE-2021-1542 Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-1542
CVE-2021-39333 The Hashthemes Demo Importer Plugin 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39333
CVE-2021-41242 OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywhere on the target system. The attack could be used to write files anywhere in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls. The problem is fixed in version 15.5.12 and 16.0.5. There is a workaround available. The vulnerability requires the REST module to be enabled. Disabling the REST module or limiting the REST module via some firewall or web-server access rules to be accessed only by trusted systems will mitigate the risk. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41242
CVE-2022-31163 TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31163
CVE-2022-36921 A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36921
CVE-2022-27615 Improper limitation of a pathname to a restricted directory (’Path Traversal’) vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27615
CVE-2022-22685 Improper limitation of a pathname to a restricted directory (’Path Traversal’) vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22685
CVE-2022-27611 Improper limitation of a pathname to a restricted directory (’Path Traversal’) vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27611
CVE-2022-1805 When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1805
CVE-2022-32293 In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-32293
CVE-2022-34702 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, CVE-2022-35767, CVE-2022-35794. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34702
CVE-2022-34714 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34702, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, CVE-2022-35767, CVE-2022-35794. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34714
CVE-2022-35766 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34702, CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35767, CVE-2022-35794. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35766
CVE-2022-35767 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34702, CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, CVE-2022-35794. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35767
CVE-2022-35794 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34702, CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, CVE-2022-35767. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35794
CVE-2022-35802 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35802
CVE-2020-10736 An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. 8 https://nvd.nist.gov/vuln/detail/CVE-2020-10736
CVE-2022-34571 An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-34571
CVE-2022-36916 A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-36916
CVE-2022-30287 Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-30287
CVE-2022-31197 PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow` method is not performing escaping of column names, so a malicious column name that contains a statement terminator could lead to SQL injection. This could lead to executing additional SQL commands as the application’s JDBC user. User applications that do not invoke the method are not impacted. User applications that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name whose column names would contain the malicious SQL and subsequently invoke the method on the ResultSet. Note that the application’s JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-31197
CVE-2022-21980 Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24477, CVE-2022-24516. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-21980
CVE-2022-24477 Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24516. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-24477
CVE-2022-24516 Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21980, CVE-2022-24477. 8 https://nvd.nist.gov/vuln/detail/CVE-2022-24516
CVE-2016-5195 Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka “Dirty COW.” 7.8 https://nvd.nist.gov/vuln/detail/CVE-2016-5195
CVE-2015-2325 The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2015-2325
CVE-2020-27828 There’s a flaw in jasper’s jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27828
CVE-2020-13535 A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-13535
CVE-2021-21048 Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21048
CVE-2021-21058 Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21058
CVE-2021-21059 Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21059
CVE-2021-21062 Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21062
CVE-2021-21063 Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21063
CVE-2021-1366 A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture HostScan Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1366
CVE-2021-20194 There is a vulnerability in Linux kernel versions higher than 5.2 if the kernel is compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt is registered. As a result of BPF execution, the local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt function that can lead to a heap overflow because of non-hardened usercopy. The impact of the attack could be denial of service or possibly privilege escalation. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20194
CVE-2021-21071 Adobe Animate version 21.0.3 and earlier is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21071
CVE-2021-1137 Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1137
CVE-2021-1480 Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1480
CVE-2021-20294 A flaw was found in binutils readelf 2.35 program. An attacker who can convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20294
CVE-2021-1514 A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1514
CVE-2020-27815 A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-27815
CVE-2020-10145 The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10145
CVE-2021-43019 Adobe Creative Cloud version 5.5 (and earlier) is affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM. An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43019
CVE-2021-43518 Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client’s stack causing denial of service or code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43518
CVE-2021-4173 vim is vulnerable to Use After Free. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4173
CVE-2021-4187 vim is vulnerable to Use After Free. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4187
CVE-2021-4192 vim is vulnerable to Use After Free. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4192
CVE-2021-31854 A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31854
CVE-2021-44204 Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 Windows before build 28035, Acronis Agent Windows before build 27147, Acronis Cyber Protect Home Office Windows before build 39612, Acronis True Image 2021 Windows before build 39287 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44204
CVE-2021-4106 A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-4106
CVE-2021-42855 It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the “.debug_command.config” file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the “/api/appInternals/1.0/agent/configuration” API to map the corresponding ID to a command to be executed. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42855
CVE-2021-42029 A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42029
CVE-2021-3717 A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3717
CVE-2017-20052 A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-20052
CVE-2022-34918 An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net netfilter nf_tables_api.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34918
CVE-2022-23000 The Western Digital My Cloud Web App [https: os5.mycloud.com ] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an “SSL” context instead of “TLS” or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23000
CVE-2022-35870 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35870
CVE-2022-35871 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35871
CVE-2022-35872 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35872
CVE-2022-35873 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35873
CVE-2022-29957 The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29957
CVE-2022-35672 Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35672
CVE-2021-38410 AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control of one or more locations in the search path. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38410
CVE-2022-36949 In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36949
CVE-2022-36985 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36985
CVE-2022-37009 In JetBrains IntelliJ IDEA before 2022.2, local code execution via a Vagrant executable was possible. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-37009
CVE-2021-39088 IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation: if this could be combined with other unknown vulnerabilities, then privilege escalation could be performed. IBM X-Force ID: 216111. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39088
CVE-2022-36123 The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36123
CVE-2022-27873 An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27873
CVE-2022-33881 Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33881
CVE-2022-27865 A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27865
CVE-2022-27866 A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27866
CVE-2022-36336 A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36336
CVE-2022-26429 In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415 Issue ID: ALPS07025415. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26429
CVE-2022-2571 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2571
CVE-2022-2580 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2580
CVE-2022-2581 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2581
CVE-2022-34927 MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34927
CVE-2022-28668 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16679. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28668
CVE-2022-34992 Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34992
CVE-2022-31609 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-31609
CVE-2022-30175 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30176, CVE-2022-34687, CVE-2022-35773, CVE-2022-35779, CVE-2022-35806. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30175
CVE-2022-30176 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-34687, CVE-2022-35773, CVE-2022-35779, CVE-2022-35806. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30176
CVE-2022-33640 System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33640
CVE-2022-33648 Microsoft Excel Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33648
CVE-2022-33670 Windows Partition Management Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34703. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33670
CVE-2022-34687 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-30176, CVE-2022-35773, CVE-2022-35779, CVE-2022-35806. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34687
CVE-2022-34696 Windows Hyper-V Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34696
CVE-2022-34699 Windows Win32k Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34699
CVE-2022-34703 Windows Partition Management Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33670. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34703
CVE-2022-34705 Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35771. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34705
CVE-2022-34706 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34706
CVE-2022-34707 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35761, CVE-2022-35768. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34707
CVE-2022-34713 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35743. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34713
CVE-2022-35760 Microsoft ATA Port Driver Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35760
CVE-2022-35762 Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35763, CVE-2022-35764, CVE-2022-35765, CVE-2022-35792. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35762
CVE-2022-35763 Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35762, CVE-2022-35764, CVE-2022-35765, CVE-2022-35792. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35763
CVE-2022-35764 Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35762, CVE-2022-35763, CVE-2022-35765, CVE-2022-35792. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35764
CVE-2022-35765 Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35762, CVE-2022-35763, CVE-2022-35764, CVE-2022-35792. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35765
CVE-2022-35768 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34707, CVE-2022-35761. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35768
CVE-2022-35771 Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34705. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35771
CVE-2022-35773 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-30176, CVE-2022-34687, CVE-2022-35779, CVE-2022-35806. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35773
CVE-2022-35779 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-30176, CVE-2022-34687, CVE-2022-35773, CVE-2022-35806. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35779
CVE-2022-35792 Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35762, CVE-2022-35763, CVE-2022-35764, CVE-2022-35765. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35792
CVE-2022-35795 Windows Error Reporting Service Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35795
CVE-2022-35806 Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-30176, CVE-2022-34687, CVE-2022-35773, CVE-2022-35779. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35806
CVE-2022-35820 Windows Bluetooth Driver Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35820
CVE-2022-30134 Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21979, CVE-2022-34692. 7.6 https://nvd.nist.gov/vuln/detail/CVE-2022-30134
CVE-2015-8080 Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-8080
CVE-2020-24368 Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-24368
CVE-2020-1679 On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronizes the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when the KRT queue becomes stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check whether the KRT queue is stuck: user@device show krt state ... Number of async queue entries: 65007 --- this value keep on increasing. This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1679
CVE-2020-28366 Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28366
CVE-2020-28367 Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-28367
CVE-2020-13987 An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13987
CVE-2020-29361 An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-29361
CVE-2018-7580 Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue’s hub and it will stop responding. The “hub” will stop operating and be frozen until the flood stops. During the flood, the user won’t be able to turn on/off the lights, and all of the hub’s functionality will be unresponsive. The cloud service also won’t work with the hub. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-7580
CVE-2021-1223 Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1223
CVE-2021-0202 On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at a Customer Edge (CE) device may cause a memory leak in the MPC, which can cause an out-of-memory condition and MPC restarts. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command to monitor the status of memory usage level of the MPC: user@device show system resource-monitor. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3R3-S8; 17.4R3-S2; 18.2R3-S4, 18.2R3-S5; 18.3R3-S2, 18.3R3-S3; 18.4 versions starting from 18.4R3-S1 and later versions prior to 18.4R3-S6; 19.2 versions starting from 19.2R2 and later versions prior to 19.2R3-S1; 19.4 versions starting from 19.4R2 and later versions prior to 19.4R2-S3, 19.4R3; 20.2 versions starting from 20.2R1 and later versions prior to 20.2R1-S3, 20.2R2. This issue does not affect Juniper Networks Junos OS: 18.1, 19.1, 19.3, 20.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0202
CVE-2021-1278 Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1278
CVE-2021-3115 Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3115
CVE-2021-1296 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to a location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1296
CVE-2021-1297 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to a location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1297
CVE-2021-20275 A flaw was found in privoxy before 3.0.32. An invalid read of size two may occur in chunked_body_is_complete leading to denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20275
CVE-2021-20276 A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile may lead to denial of service. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20276
CVE-2021-27918 encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27918
CVE-2021-20216 A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20216
CVE-2021-1252 A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to hang, resulting in a denial of service condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1252
CVE-2021-1404 A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1404
CVE-2021-1405 A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in a NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1405
CVE-2021-29430 Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request size can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29430
CVE-2021-20990 In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20990
CVE-2021-0230 On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required. The following log can be seen if this issue happens. (kernel: rt_pfe_veto: Memory over consumed. Op 1 err 12, rtsm_id 0:-1, msg type 72 ) (kernel: rt_pfe_veto: free kmem_map memory = 20770816 curproc = kmd) An administrator can use the following CLI command to monitor the status of memory consumption (ifstat bucket): user@device show system virtual-memory no-forwarding | match ifstat Type InUse MemUse HighUse Limit Requests Limit Limit Size ifstat 2588977 162708K - 19633958 user@device show system virtual-memory no-forwarding | match ifstat Type InUse MemUse HighUse Limit Requests Limit Limit Size ifstat 3021629 189749K – 22914415. This issue affects Juniper Networks Junos OS on SRX Series: 17.1 versions 17.1R3 and above prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.2 versions prior to 18.2R3-S7, 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS prior to 17.1R3. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0230
CVE-2021-29469 Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex being used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29469
CVE-2020-15078 OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15078
CVE-2020-17517 The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-17517
CVE-2020-7038 A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7038
CVE-2021-20228 A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20228
CVE-2021-29486 cumulative-distribution-function is an open source npm library which calculates the statistical cumulative distribution function from a data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite-loop. In the case of a nodejs server-app using this library to act on invalid non-numeric data, the nodejs server may crash. This may affect other users of this server and/or require the server to be rebooted for proper operation. In the case of a browser app using this library to act on invalid non-numeric data, that browser may crash or lock up. A flaw enabling an infinite-loop was discovered in the code for evaluating the cumulative-distribution-function of input data. Although the documentation explains that numeric data is required, some users may confuse an array of strings like `["1","2","3","4","5"]` for numeric data `[1,2,3,4,5]` when it is in fact string data. An infinite loop is possible when the cumulative-distribution-function is evaluated for a given point when the input data is string data rather than type `number`. This vulnerability enables an infinite-cpu-loop denial-of-service-attack on any app using npm:cumulative-distribution-function v1.0.3 or earlier if the attacker can supply malformed data to the library. The vulnerability could also manifest if a data source to be analyzed changes data type from Arrays of number (proper) to Arrays of string (invalid, but undetected by earlier version of the library). Users should upgrade to at least v2.0.0, or the latest version. Tests for several types of invalid data have been created, and version 2.0.0 has been tested to reject this invalid data by throwing a `TypeError` instead of processing it. Developers using this library may wish to adjust their app’s code slightly to better tolerate or handle this TypeError. Apps performing proper numeric data validation before sending data to this library should be mostly unaffected by this patch. The vulnerability can be mitigated in older versions by ensuring that only finite numeric data of type `Array[number]` or `number` is passed to `cumulative-distribution-function` and its `f(x)` function, respectively. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29486
CVE-2021-20277 A flaw was found in Samba’s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20277
CVE-2021-20181 A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20181
CVE-2018-10863 It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the var/www.rhcert/store/transfer directory, through the rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-10863
CVE-2018-10865 It was discovered that the configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a “restart” RPC method on any host accessible by the system, even if not belonging to him. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-10865
CVE-2018-10868 redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a “Billion Laugh Attack” by replying to XMLRPC methods when getting the status of a host. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-10868
CVE-2021-20237 An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ’s src/pub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20237
CVE-2021-20019 A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20019
CVE-2021-32514 Improper access control vulnerability in FirmwareUpgrade in QSAN Storage Manager allows remote attackers to reboot and discontinue the device. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32514
CVE-2021-32517 Improper access control vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files using particular parameter in download function. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32517
CVE-2021-33196 In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive’s header can cause a NewReader or OpenReader panic. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33196
CVE-2021-33198 In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33198
CVE-2021-29923 Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29923
CVE-2021-23424 This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-23424
CVE-2021-39187 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39187
CVE-2021-39342 The Credova_Financial WordPress plugin discloses a site’s associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39342
CVE-2021-40118 A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40118
CVE-2021-40112 Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: log in with a default credential if the Telnet protocol is enabled; perform command injection; modify the configuration. For more information about these vulnerabilities, see the Details section of this advisory. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40112
CVE-2021-41771 ImportedSymbols in debug for Open or OpenFat in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41771
CVE-2021-41772 Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41772
CVE-2021-43173 In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43173
CVE-2021-3908 OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3908
CVE-2021-43175 The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43175
CVE-2021-43828 PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imported findings files are placed under media/imports/owner_id tmp_file. In that path, owner_id is predictable and tmp_file is in the format import_ownder_id_time_created, for example: import_1_1639213059582.json. This filename is predictable and allows anyone, without logging in, to download all finding import files. This vulnerability is capable of allowing users who are not logged in to download all finding import files. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43828
CVE-2021-43843 jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements into a `blockquote` tag _including multibyte characters_, an internal regular expression for escaping characters may consume an excessive amount of computing resources. v4.5.1 passes the test against ASCII characters but misses the case of multibyte characters. jsx-slack v4.5.2 has updated regular expressions for escaping blockquote characters to prevent catastrophic backtracking. It also includes an updated test case to confirm rendering multiple tags in `blockquote` with multibyte characters. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43843
CVE-2021-44716 net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-44716
CVE-2021-43859 XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43859
CVE-2022-23772 Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23772
CVE-2022-23773 cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23773
CVE-2021-4021 A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4021
CVE-2022-24921 regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24921
CVE-2022-24716 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24716
CVE-2021-32476 A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32476
CVE-2022-24675 encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24675
CVE-2022-27536 Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27536
CVE-2022-28327 The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28327
CVE-2022-30333 RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30333
CVE-2021-27777 XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27777
CVE-2022-33099 An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-33099
CVE-2022-31116 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library’s `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31116
CVE-2021-46828 In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46828
CVE-2022-31169 Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime’s code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only affects the AArch64 platform. Other platforms are not affected. The translation rules for constants did not consider whether sign or zero-extension should happen which resulted in an incorrect value being placed into a register when a division was encountered. The impact of this bug is that programs executing within the WebAssembly sandbox would not behave according to the WebAssembly specification. This means that it is hypothetically possible for execution within the sandbox to go awry and WebAssembly programs could produce unexpected results. This should not impact hosts executing WebAssembly but does affect the correctness of guest programs. This bug has been patched in Wasmtime version 0.38.2 and cranelift-codegen 0.85.2. There are no known workarounds. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31169
CVE-2022-34966 OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34966
CVE-2022-34576 A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted request. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34576
CVE-2022-31204 Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password to restrict sensitive engineering operations (such as project logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31204
CVE-2022-31205 In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31205
CVE-2021-33057 The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device’s physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the center of the map to the device’s location, and use MapContext.getCenterLocation to get the latitude and longitude of the current map center. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33057
CVE-2021-40180 In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user’s address book via wx.searchContacts. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40180
CVE-2022-30276 The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks. Communication with RTUs behind the gateway is done by means of the proprietary IPGW protocol (5001/TCP). This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke a subset of desired functionality. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30276
CVE-2022-36883 A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36883
CVE-2022-34121 Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component templates/default/html/windows/right.php. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34121
CVE-2022-36946 nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36946
CVE-2021-38417 VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38417
CVE-2021-42537 VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42537
CVE-2022-35911 On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35911
CVE-2022-36956 In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. This affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36956
CVE-2022-27614 Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27614
CVE-2021-22642 An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-22642
CVE-2022-30313 Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are characterized as: Honeywell Experion TCP (51000) TCP, Safety Builder (51010) TCP. The potential impact is: Manipulate controller state, Manipulate controller configuration, Manipulate controller logic, Manipulate controller files, Manipulate IO. The Honeywell Experion PKS Distributed Control System DCS Safety Manager utilizes several proprietary protocols for a wide variety of functionality, including process data acquisition, controller steering and configuration management. These protocols include: Experion TCP 51000TC and Safety Builder 5101 TCP. None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke a subset of desired functionality. There is no authentication functionality on the protocols in question. An attacker capable of invoking the protocols’ functionalities could achieve a wide range of adverse impacts, including but not limited to, the following: for Experion TCP 51000 TCP : Issue IO manipulation commands, Issue file read write commands and for Safety Builder 51010 TCP : Issue controller start stop commands, Issue logic download upload commands, Issue file read commands, Issue system time change commands. A mitigating factor with regards to some, but not all, of the above functionality is that these require the Safety Manager physical keyswitch to be in the right position. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30313
CVE-2016-0796 WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities, because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a target site from behind a vulnerable website or to perform otherwise restricted actions and subsequently download files with the extension mp3, mp4a, wav and ogg from anywhere the web server application has read access to the system. WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files version 1.7.6 is vulnerable; prior versions may also be affected. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-0796
CVE-2016-4427 In zulip before 1.3.12, deactivated users could access messages if SSO was enabled. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-4427
CVE-2022-34593 DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34593
CVE-2022-34568 SDL v1.2 was discovered to contain a use-after-free via the XFree function at src/video/x11/SDL_x11yuv.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34568
CVE-2022-36234 SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36234
CVE-2022-24912 The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret and then forge webhook events. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24912
CVE-2022-2576 In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2576
CVE-2022-2414 Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2414
CVE-2022-2324 Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2324
CVE-2022-22505 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22505
CVE-2022-2591 A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /Sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2591
CVE-2022-1585 The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1585
CVE-2022-2509 A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2509
CVE-2022-36301 BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36301
CVE-2022-31173 Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31173
CVE-2022-31184 Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31184
CVE-2022-37315 graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37315
CVE-2022-34924 Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34924
CVE-2022-35923 v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase` and `uppercase` regex which could lead to a DoS attack. In testing of the `lowercase` function a payload of `'a' + 'a'.repeat(i) + 'A'` with 32 leading characters took 29443 ms to execute. The same issue happens with uppercase. Users are advised to upgrade. There are no known workarounds for this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35923
CVE-2022-34967 The assertion `stmt->Dbc->FirstStmt` failed in MonetDB Database Server v11.43.13. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34967
CVE-2022-34968 An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34968
CVE-2022-34969 PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34969
CVE-2022-32963 OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32963
CVE-2022-35216 OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35216
CVE-2022-27185 A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27185
CVE-2022-27630 An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27630
CVE-2022-27633 An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27633
CVE-2022-27660 A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27660
CVE-2022-30144 Windows Bluetooth Service Remote Code Execution Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30144
CVE-2022-30194 Windows WebBrowser Control Remote Code Execution Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30194
CVE-2022-35769 Windows Point-to-Point Protocol PPP Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-35747. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35769
CVE-2022-35796 Microsoft Edge Chromium-based Elevation of Privilege Vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35796
CVE-2021-0217 A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local relay server configured may lead to exhaustion of DMA memory causing a Denial of Service DoS . Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or to crashing of the fxpc process. When Packet DMA heap utilization reaches 99%, the system will become unstable. An indication of the issue occurring may be observed through the following log messages: Dec 10 08:07:00.124 2020 hostname fpc0 brcm_pkt_buf_alloc:523 buf alloc failed allocating packet buffer Dec 10 08:07:00.126 2020 hostname fpc0 buf alloc failed allocating packet buffer Dec 10 08:07:00.128 2020 hostname fpc0 brcm_pkt_buf_alloc:523 buf alloc failed allocating packet buffer Dec 10 08:07:00.130 2020 hostnameC fpc0 buf alloc failed allocating packet buffer This issue affects Juniper Networks Junos OS on EX Series and QFX Series: 17.4R3 versions prior to 17.4R3-S3 18.1R3 versions between 18.1R3-S6 and 18.1R3-S11 18.2R3 versions prior to 18.2R3-S6 18.3R3 versions prior to 18.3R3-S4 18.4R2 versions prior to 18.4R2-S5 18.4R3 versions prior to 18.4R3-S6 19.1 versions between 19.1R2 and 19.1R3-S3 19.2 versions prior to 19.2R3-S1 19.3 versions prior to 19.3R2-S5, 19.3R3 19.4 versions prior to 19.4R2-S2, 19.4R3 20.1 versions prior to 20.1R2 20.2 versions prior to 20.2R1-S2, 20.2R2. Junos OS versions prior to 17.4R3 are unaffected by this vulnerability. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-0217
CVE-2021-20247 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing ‘..’ path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-20247
CVE-2021-1403 A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections in the web UI on an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the web UI to follow a crafted link. A successful exploit could allow the attacker to corrupt memory on the affected device, forcing it to reload and causing a DoS condition. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-1403
CVE-2021-1251 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-1251
CVE-2021-1308 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-1308
CVE-2021-3712 ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL’s own “d2i” functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the “data” and “length” fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0 function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the “data” field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email, X509_REQ_get1_email and X509_get1_ocsp functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash causing a Denial of Service attack. It could also result in the disclosure of private memory contents such as private keys, or sensitive plaintext. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3712
CVE-2021-40366 A vulnerability has been identified in Climatix POL909 AWB module All versions V11.42, Climatix POL909 AWM module All versions V11.34. The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-40366
CVE-2022-29154 An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server or Man-in-The-Middle attacker can overwrite arbitrary files in the rsync client target directory and subdirectories. 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-29154
CVE-2015-6527 The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2015-6527
CVE-2015-6831 Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2015-6831
CVE-2020-8116 Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-8116
CVE-2020-28396 A vulnerability has been identified in SICAM A8000 CP-8000 All versions V16, SICAM A8000 CP-8021 All versions V16, SICAM A8000 CP-8022 All versions V16. A web server misconfiguration of the affected device can cause insecure ciphers usage by a user's browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2020-28396
CVE-2021-33195 Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-33195
CVE-2021-44160 Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44160
CVE-2022-32223 Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists. Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory. After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows. It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-32223
CVE-2022-33631 Microsoft Excel Security Feature Bypass Vulnerability. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-33631
CVE-2022-35793 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35755. 7.3 https://nvd.nist.gov/vuln/detail/CVE-2022-35793
CVE-2021-1146 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1146
CVE-2021-1147 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1147
CVE-2021-1148 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1148
CVE-2021-1149 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1149
CVE-2021-1150 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1150
CVE-2021-1314 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1314
CVE-2021-1315 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1315
CVE-2021-1316 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1316
CVE-2021-1317 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1317
CVE-2021-1318 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1318
CVE-2021-1443 A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are parsed from a specific configuration file. An attacker could exploit this vulnerability by tampering with a specific configuration file and then sending an API call. A successful exploit could allow the attacker to inject arbitrary code that would be executed on the underlying operating system of the affected device. To exploit this vulnerability, the attacker would need to have a privileged set of credentials to the device. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1443
CVE-2021-20206 An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the ‘type’ field in the network configuration, it is possible to use special elements such as “../” separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins types, such as ‘reboot’. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-20206
CVE-2021-1401 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-1401
CVE-2020-7870 A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2020-7870
CVE-2021-32523 Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. It is suggested to contact QSAN and refer to the recommendations in the QSAN Document. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-32523
CVE-2021-40120 A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as a user with root-level privileges. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-40120
CVE-2021-41276 Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not properly sanitize the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either needs to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify accounts. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. This issue has been patched in Tuleap Community Edition 13.2.99.31, Tuleap Enterprise Edition 13.1-5, and Tuleap Enterprise Edition 13.2-3. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-41276
CVE-2021-43782 Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276; the initial fix was incomplete. Tuleap does not properly sanitize the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either needs to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify accounts. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-43782
CVE-2022-33970 Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-33970
CVE-2022-34120 Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-34120
CVE-2022-34578 Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-34578
CVE-2022-30616 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-30616
CVE-2022-36799 This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-36799
CVE-2022-31194 DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters during submission. This path traversal can only be executed by a user with special privileges (submitter rights). This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds. However, this vulnerability cannot be exploited by an anonymous user or a basic user. The user must first have submitter privileges to at least one Collection and be able to determine how to modify the request parameters to exploit the vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31194
CVE-2022-31195 DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible by a user with special privileges (either Administrators or someone with command-line access to the server). This vulnerability impacts the XMLUI, JSPUI and command-line. Users are advised to upgrade. As a basic workaround, users may block all access to the following URL paths: If you are using the XMLUI, block all access to /admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path “/xmlui”, then you’d need to block access to /xmlui/admin/batchimport. If you are using the JSPUI, block all access to /dspace-admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path “/jspui”, then you’d need to block access to /jspui/dspace-admin/batchimport. Keep in mind, only an Administrative user or a user with command-line access to the server is able to import/upload SAF packages. Therefore, assuming those users do not blindly upload untrusted SAF packages, then it is unlikely your site could be impacted by this vulnerability. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-31195
CVE-2022-35421 Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-35421
CVE-2022-34625 Mealie 1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-34625
CVE-2022-34871 This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-34871
CVE-2022-2626 Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-2626
CVE-2022-35772 Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35824. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-35772
CVE-2022-35824 Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35772. 7.2 https://nvd.nist.gov/vuln/detail/CVE-2022-35824
CVE-2021-43818 lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43818
CVE-2021-4166 vim is vulnerable to Out-of-bounds Read 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-4166
CVE-2022-35234 Trend Micro Security 2021 and 2022 Consumer is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35234
CVE-2022-34690 Windows Fax Service Elevation of Privilege Vulnerability. 7.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34690
CVE-2020-25668 A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. 7 https://nvd.nist.gov/vuln/detail/CVE-2020-25668
CVE-2022-29582 In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-29582
CVE-2022-31614 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-31614
CVE-2022-33646 Azure Batch Node Agent Elevation of Privilege Vulnerability. 7 https://nvd.nist.gov/vuln/detail/CVE-2022-33646
CVE-2022-30316 Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The potential impact is Firmware manipulation. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 communication FTA serial interface and Enea POLO bootloader for firmware management purposes. An engineering workstation running the Safety Builder software communicates via serial or serial-over-ethernet link with the DCOM-232/485 interface. Firmware images were found to have no authentication in the form of firmware signing and only relied on insecure checksums for regular integrity checks. Firmware images are unsigned. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize hardcoded credentials (see FSCT-2022-0052) for the POLO bootloader to control the boot process and push malicious firmware images to the controller allowing for firmware manipulation, remote code execution and denial of service impacts. A mitigating factor is that in order for a firmware update to be initiated, the Safety Manager has to be rebooted which is typically done by means of physical controls on the Safety Manager itself. As such, an attacker would have to either lay dormant until a legitimate reboot occurs or possibly attempt to force a reboot through a secondary vulnerability. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-30316
CVE-2022-33955 IBM CICS TX 11.1 could allow an attacker with physical access to the system to execute code by using a back and refresh attack. IBM X-Force ID: 229312. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-33955
CVE-2017-3312 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). 6.7 https://nvd.nist.gov/vuln/detail/CVE-2017-3312
CVE-2021-1281 A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative user and executing a sequence of commands. A successful exploit could allow the attacker to obtain access to the underlying operating system as the root user. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-1281
CVE-2021-1488 A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-1488
CVE-2021-1567 A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-1567
CVE-2021-4210 A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-4210
CVE-2022-21788 In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728 Issue ID: ALPS06988728. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21788
CVE-2022-21792 In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410 Issue ID: ALPS07085410. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21792
CVE-2022-26426 In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486 Issue ID: ALPS07085486. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26426
CVE-2022-26427 In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540 Issue ID: ALPS07085540. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26427
CVE-2022-26430 In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521 Issue ID: ALPS07032521. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26430
CVE-2022-26431 In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553 Issue ID: ALPS07032553. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26431
CVE-2022-26432 In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032542 Issue ID: ALPS07032542. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26432
CVE-2022-26433 In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400 Issue ID: ALPS07138400. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26433
CVE-2022-26434 In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138450 Issue ID: ALPS07138450. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26434
CVE-2022-26435 In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435 Issue ID: ALPS07138435. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26435
CVE-2022-26438 In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420013 Issue ID: GN20220420013. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26438
CVE-2022-26439 In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420020 Issue ID: GN20220420020. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26439
CVE-2022-26440 In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420037 Issue ID: GN20220420037. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26440
CVE-2022-26441 In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420044 Issue ID: GN20220420044. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26441
CVE-2022-26442 In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420051 Issue ID: GN20220420051. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26442
CVE-2022-26443 In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420068 Issue ID: GN20220420068. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26443
CVE-2022-26444 In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420075 Issue ID: GN20220420075. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26444
CVE-2022-26445 In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088 Issue ID: GN20220420088. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-26445
CVE-2022-35867 This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-35867
CVE-2021-20285 A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2021-20285
CVE-2021-44832 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2021-44832
CVE-2016-5609 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2016-5609
CVE-2016-5627 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2016-5627
CVE-2018-3143 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-3143
CVE-2018-3156 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-3156
CVE-2018-3251 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-3251
CVE-2019-2455 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-2455
CVE-2019-2529 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-2529
CVE-2019-2740 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-2740
CVE-2019-2805 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-2805
CVE-2019-9516 Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-9516
CVE-2019-2974 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-2974
CVE-2020-2780 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-2780
CVE-2020-35964 track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35964
CVE-2021-0215 On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An administrator can use the following CLI command to monitor the status of memory consumption: user@device show task memory detail Please refer to https://kb.juniper.net/KB31522 for details. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D54; 15.1X49 versions prior to 15.1X49-D240; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. This issue does not affect Juniper Networks Junos OS 12.3, 15.1. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0215
CVE-2021-3114 In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3114
CVE-2021-21254 CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-21254
CVE-2021-20234 An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20234
CVE-2021-29452 a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change. Patched in v0.18.2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29452
CVE-2021-29453 matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29453
CVE-2021-0242 A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or dot1x configured are not vulnerable to this issue. When this issue occurs, DMA buffer usage keeps increasing and the following error log messages may be observed: Apr 14 14:29:34.360 kernel: pid 64476 (pfex_junos), uid 0: exited on signal 11 (core dumped) Apr 14 14:29:33.790 init: pfe-manager (PID 64476) terminated by signal number 11. This issue affects Juniper Networks Junos OS on the EX4300: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0242
CVE-2021-0257 On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines), including MX-MPC1-3D, MX-MPC1E-3D, MX-MPC2-3D, MX-MPC2E-3D, MPC-3D-16XGE, and CHAS-MXxx Series MPCs. No other products or platforms are affected by this issue. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.2 versions prior to 20.2R1-S3, 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. This issue does not affect Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R3-S2; 18.1; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R3-S1; 19.1; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0257
CVE-2020-27736 A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27736
CVE-2021-20278 An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn’t occur, and this allows a malicious user to bypass the authentication. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20278
CVE-2021-1563 Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1563
CVE-2021-1564 Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1564
CVE-2021-32508 Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers to access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32508
CVE-2021-32509 Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers to access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32509
CVE-2021-34558 The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-34558
CVE-2021-32001 A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup to extract the cluster’s confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc) and decrypt it, without having to know the token value. This issue affects: SUSE Rancher K3s version v1.19.12+k3s1, v1.20.8+k3s1, v1.21.2+k3s1 and prior versions; RKE2 version v1.19.12+rke2r1, v1.20.8+rke2r1, v1.21.2+rke2r1 and prior versions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32001
CVE-2021-39196 pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround, you must upgrade to v3.12 or greater. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39196
CVE-2021-39203 WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don’t have permission to view private post types data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It’s fixed in the final 5.8 release. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39203
CVE-2021-32029 A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32029
CVE-2021-35582 Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data as well as unauthorized read access to a subset of Oracle Applications Manager accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications Manager. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-35582
CVE-2021-41308 Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa` endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41308
CVE-2021-3912 OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3912
CVE-2021-41972 Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41972
CVE-2021-3992 kimai2 is vulnerable to Improper Access Control. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3992
CVE-2021-43847 HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43847
CVE-2021-40404 An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40404
CVE-2021-42000 When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user's password. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42000
CVE-2021-46744 An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46744
CVE-2021-41834 JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41834
CVE-2022-26135 A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26135
CVE-2022-29901 Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29901
CVE-2022-23825 Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23825
CVE-2022-24406 OX App Suite through 7.10.6 allows SSRF because multipart form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24406
CVE-2022-34551 Sims v1.0 was discovered to allow path traversal when downloading attachments. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34551
CVE-2022-36888 A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall Read permission to obtain credentials stored in Vault with attacker-specified path and keys. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36888
CVE-2022-36894 An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36894
CVE-2022-36896 A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36896
CVE-2022-36901 Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36901
CVE-2022-36906 A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36906
CVE-2022-36907 A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall Read permission to connect to an attacker-specified URL using attacker-specified username and password. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36907
CVE-2022-36908 A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36908
CVE-2022-36909 A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an attacker-specified URL. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36909
CVE-2022-36954 In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36954
CVE-2022-1858 Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1858
CVE-2022-1862 Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1862
CVE-2022-1867 Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1867
CVE-2022-1868 Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1868
CVE-2022-1873 Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1873
CVE-2021-46830 A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46830
CVE-2022-2160 Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user’s local files via a crafted HTML page. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2160
CVE-2022-36984 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36984
CVE-2022-36987 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36987
CVE-2022-36990 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36990
CVE-2022-36991 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36991
CVE-2022-36994 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36994
CVE-2022-36996 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36996
CVE-2022-36998 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36998
CVE-2022-36999 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36999
CVE-2022-37000 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-37000
CVE-2022-2553 The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2553
CVE-2022-34526 A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34526
CVE-2022-33169 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-33169
CVE-2022-34338 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34338
CVE-2022-35716 IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35716
CVE-2022-2260 The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target’s CPU. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2260
CVE-2022-2370 The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2370
CVE-2022-30698 NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the “ghost domain names” attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound’s delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30698
CVE-2022-30699 NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the “ghost domain names” attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30699
CVE-2022-35220 Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35220
CVE-2022-27618 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27618
CVE-2022-34872 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34872
CVE-2022-35864 This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35864
CVE-2022-27551 HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27551
CVE-2022-35775 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35775
CVE-2022-35780 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35780
CVE-2022-35781 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35781
CVE-2022-35782 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35782
CVE-2022-35784 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35784
CVE-2022-35785 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35785
CVE-2022-35786 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35786
CVE-2022-35788 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35788
CVE-2022-35789 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35789
CVE-2022-35790 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35790
CVE-2022-35791 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35791
CVE-2022-35799 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35799
CVE-2022-35801 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35801
CVE-2022-35807 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35807
CVE-2022-35808 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35808
CVE-2022-35809 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35809
CVE-2022-35810 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35810
CVE-2022-35811 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35811
CVE-2022-35813 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35813
CVE-2022-35814 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35814
CVE-2022-35815 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35815
CVE-2022-35816 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35816
CVE-2022-35817 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35818, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35817
CVE-2022-35818 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35819. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35818
CVE-2022-35819 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35819
CVE-2019-2503 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). 6.4 https://nvd.nist.gov/vuln/detail/CVE-2019-2503
CVE-2016-2138 In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean in class KippoInput.class.php. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2016-2138
CVE-2016-2139 In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class KippoInput.class.php. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2016-2139
CVE-2022-21789 In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21789
CVE-2022-26428 In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26428
CVE-2017-3291 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). 6.3 https://nvd.nist.gov/vuln/detail/CVE-2017-3291
CVE-2021-40403 An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev commit b5f1eacd, and Gerbv forked 2.8.0. A specially crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-40403
CVE-2022-34573 An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-34573
CVE-2022-2164 Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2164
CVE-2022-35776 Azure Site Recovery Denial of Service Vulnerability. 6.2 https://nvd.nist.gov/vuln/detail/CVE-2022-35776
CVE-2020-13944 In Apache Airflow 1.10.12, the “origin” parameter passed to some of the endpoints like ‘/trigger’ was vulnerable to XSS exploit. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-13944
CVE-2020-29395 The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-29395
CVE-2020-27783 A XSS vulnerability was discovered in python-lxml’s clean module. The module’s parser didn’t properly imitate browsers, which caused different behaviors between the sanitizer and the user’s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-27783
CVE-2020-17515 The “origin” parameter passed to some of the endpoints like ‘/trigger’ was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-17515
CVE-2020-35416 Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-35416
CVE-2020-26275 The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect the browser to a different malicious website. All jupyter servers running without a base_url prefix are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet. This same vulnerability was patched in upstream notebook v5.7.8. This is fixed in jupyter_server 1.1.1. If upgrade is not available, a workaround can be to run your server on a url prefix: “jupyter server --ServerApp.base_url=/jupyter”. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-26275
CVE-2021-1351 A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-1351
CVE-2020-1761 A flaw was found in the OpenShift web console, where the access token is stored in the browser’s local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim’s browser. This flaw affects openshift console versions before openshift console-4. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1761
CVE-2021-40369 A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-40369
CVE-2021-43808 Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contains a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43808
CVE-2022-23101 OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23101
CVE-2022-36922 Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the ‘search’ result page, resulting in a reflected cross-site scripting (XSS) vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-36922
CVE-2021-42535 VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-42535
CVE-2022-27509 Unauthenticated redirection to a malicious website 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27509
CVE-2016-3709 Possible cross-site scripting vulnerability in libxml after commit 960f0e2. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-3709
CVE-2022-35630 A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35630
CVE-2022-1906 The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1906
CVE-2022-2181 The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2181
CVE-2022-2241 The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2241
CVE-2022-2589 Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2589
CVE-2022-34162 IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34162
CVE-2022-34163 IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-34163
CVE-2022-31109 laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a `Laminas\Diactoros\Uri` instance associated with the incoming server request modified to reflect values from headers. Such changes can potentially lead to XSS attacks if a fully-qualified URL is used in links and/or URL poisoning. Since the headers do have valid use cases, particularly in clustered environments using a load balancer, the library offers mitigation measures only in the v2 releases, as doing otherwise would break these use cases immediately. Users are advised to upgrade to version 2.11.1 or later to resolve this issue. Users unable to upgrade may configure web servers to reject headers at the web server level. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31109
CVE-2022-35118 PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35118
CVE-2022-31191 DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck “Did you mean” HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31191
CVE-2022-31192 DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI “Request a Copy” feature does not properly escape values submitted and stored from the “Request a Copy” form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31192
CVE-2022-31193 DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker’s choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-31193
CVE-2022-1293 The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1293
CVE-2022-2645 A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edituser.php. The manipulation of the argument id with the input 1\\”ScRiPtalert 1 sCrIpT leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205573 was assigned to this vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2645
CVE-2022-2646 A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input 8 h3--redacted-- leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205572 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2646
CVE-2021-46676 An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46676
CVE-2021-46677 An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46677
CVE-2021-46678 An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46678
CVE-2021-46679 An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46679
CVE-2021-46680 An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46680
CVE-2021-46681 An XSS vulnerability exists in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46681
CVE-2022-2685 A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file addQuestion.php. The manipulation of the argument question with the input --redacted-- leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-2685
CVE-2022-35797 Windows Hello Security Feature Bypass Vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-35797
CVE-2020-27821 A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. 6 https://nvd.nist.gov/vuln/detail/CVE-2020-27821
CVE-2022-34709 Windows Defender Credential Guard Security Feature Bypass Vulnerability. 6 https://nvd.nist.gov/vuln/detail/CVE-2022-34709
CVE-2015-3152 Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a “BACKRONYM” attack. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2015-3152
CVE-2018-2761 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2018-2761
CVE-2020-2574 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-2574
CVE-2020-15023 Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted and even failed WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi-Fi network. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-15023
CVE-2020-1926 Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another user’s cookie signature. The issue was addressed in Apache Hive 2.3.8. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-1926
CVE-2021-20989 Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be used to connect to the web management interface. Knowledge of authorization credentials to the management interface is required to perform any further actions. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-20989
CVE-2021-31525 net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-31525
CVE-2021-36221 Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-36221
CVE-2021-3597 A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-3597
CVE-2022-31117 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-31117
CVE-2022-21541 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21541
CVE-2022-2596 Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-2596
CVE-2022-27619 Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-27619
CVE-2022-34716 .NET Spoofing Vulnerability. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-34716
CVE-2021-29432 Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2021-29432
CVE-2022-34572 An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-34572
CVE-2022-34574 An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-34574
CVE-2022-34575 An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml. 5.7 https://nvd.nist.gov/vuln/detail/CVE-2022-34575
CVE-2019-14274 MCPP 2.7.2 has a heap-based buffer overflow in the do_msg function in support.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-14274
CVE-2015-2326 The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by “ ?+1 \\1 “. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2015-2326
CVE-2021-1126 A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1126
CVE-2021-20255 A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20255
CVE-2021-20265 A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20265
CVE-2021-27919 archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which .. occurs at the beginning of any filename. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-27919
CVE-2020-27824 A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-27824
CVE-2020-14335 A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14335
CVE-2021-42744 Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42744
CVE-2021-4193 vim is vulnerable to Out-of-bounds Read 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4193
CVE-2021-45958 UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45958
CVE-2021-45067 Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45067
CVE-2022-0419 NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0419
CVE-2020-12966 AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2020-12966
CVE-2022-0529 A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0529
CVE-2022-0530 A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0530
CVE-2021-4115 There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-4115
CVE-2022-27359 Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27359
CVE-2022-25169 The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25169
CVE-2022-21123 Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21123
CVE-2022-21125 Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21125
CVE-2022-21166 Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21166
CVE-2022-1852 A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1852
CVE-2022-2078 A vulnerability was found in the Linux kernel’s nft_set_desc_concat_parse function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse, causing a denial of service and possibly to run code. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2078
CVE-2022-29960 Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29960
CVE-2022-29962 The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29962
CVE-2022-29963 The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29963
CVE-2022-29964 The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29964
CVE-2022-29965 The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These passwords are generated using a deterministic, insecure algorithm using a single seed value composed of a day/hour/minute timestamp with less than 16 bits of entropy. The seed value is fed through a lookup table and a series of permutation operations resulting in three different four-character passwords corresponding to different privilege levels. An attacker can easily reconstruct these passwords and thus gain access to privileged maintenance operations. NOTE: this is different from CVE-2014-2350. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29965
CVE-2022-34529 WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34529
CVE-2022-2549 NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2549
CVE-2022-35669 Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35669
CVE-2022-34009 Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34009
CVE-2022-34556 PicoC v3.2.2 was discovered to contain a NULL pointer dereference at variable.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34556
CVE-2022-36752 png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-36752
CVE-2022-35631 On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35631
CVE-2022-2598 Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2598
CVE-2022-34164 IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34164
CVE-2022-31618 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31618
CVE-2022-30197 Windows Kernel Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34708. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-30197
CVE-2022-34685 Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34686. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34685
CVE-2022-34686 Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34685. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34686
CVE-2022-34704 Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34710, CVE-2022-34712. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34704
CVE-2022-34708 Windows Kernel Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30197. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34708
CVE-2022-34710 Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34704, CVE-2022-34712. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34710
CVE-2022-34712 Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34704, CVE-2022-34710. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-34712
CVE-2020-12262 Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow cgi-bin/cgiServer.exx?page= XSS. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-12262
CVE-2021-1249 Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-1249
CVE-2021-42367 The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-42367
CVE-2021-43853 Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing json input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-43853
CVE-2021-43862 jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for the XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from the URL, the attacker can use this URL to execute their code. The scope is limited because the javascript attribute used is added to a span tag, so no automatic execution like with `onerror` on images is possible. This issue is fixed in version 2.31.1. As a workaround, the user can use formatting that wraps the whole user input and is a no-op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when the user of the library is not using different formatters (e.g. to highlight code in a different way). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-43862
CVE-2021-45729 The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin versions = 1.8.0 allows authenticated low-role users to create, edit, and delete maps. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-45729
CVE-2021-45074 JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users’ OAuth token, which will force a reauthentication on an active session or in the next UI session. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-45074
CVE-2021-43742 CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-43742
CVE-2022-1757 The pagebar WordPress plugin before 2.70 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1757
CVE-2022-23099 OX App Suite through 7.10.6 allows XSS by forcing block-wise read. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-23099
CVE-2022-36902 Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36902
CVE-2022-36905 Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36905
CVE-2022-36910 Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36910
CVE-2022-36948 In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36948
CVE-2022-34140 A stored cross-site scripting (XSS) vulnerability signup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-34140
CVE-2022-1948 An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1948
CVE-2022-29360 The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-29360
CVE-2022-2579 A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file php_action/createUser.php. The manipulation of the argument userName with the input lalaimg src=““ onerror=alert 1 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2579
CVE-2022-35629 Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-35629
CVE-2022-33994 The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the “Insert from URL” feature. NOTE: the XSS payload does not execute in the context of the WordPress instance’s domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-33994
CVE-2022-31774 IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-31774
CVE-2022-32750 IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228435. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-32750
CVE-2022-26308 Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration Credential store where a user with the role of Operator Write could create, delete, view existing keys which are outside the intended role. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26308
CVE-2022-2171 The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2171
CVE-2022-36302 File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36302
CVE-2022-36343 Authenticated author or higher user role Stored Cross-Site Scripting XSS vulnerability in ideasToCode Enable SVG, WebP ICO Upload plugin = 1.0.1 at WordPress. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36343
CVE-2022-31128 Tuleap is a Free Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-31128
CVE-2022-31148 Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommended to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-31148
CVE-2022-34618 A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-34618
CVE-2022-23733 A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub’s Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-23733
CVE-2022-35221 Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-35221
CVE-2022-30571 The iWay Service Manager Console component of TIBCO Software Inc.’s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim’s local system. Affected releases are TIBCO Software Inc.’s TIBCO iWay Service Manager: versions 8.0.6 and below. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-30571
CVE-2022-34619 A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-34619
CVE-2022-36197 BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-36197
CVE-2016-3098 Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user’s OAuth authorization code. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2016-3098
CVE-2020-1691 In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2020-1691
CVE-2022-2682 A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input ‘“--redacted-- leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2682
CVE-2022-2683 A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email/password with the input “ScRiPtalert 1 sCrIpT leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2683
CVE-2022-2684 A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-apartment.php. The manipulation of the argument Apartment Number with the input --redacted-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205672. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-2684
CVE-2017-3636 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2017-3636
CVE-2020-13886 Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=.. Directory Traversal. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-13886
CVE-2020-35176 In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-35176
CVE-2020-35460 common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-35460
CVE-2021-1224 Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-1224
CVE-2021-21012 Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21012
CVE-2021-21022 Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21022
CVE-2021-26697 The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is a low-severity issue, as the attacker needs to be aware of certain parameters to pass to that endpoint and even then can only get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-26697
CVE-2021-20281 It was possible for some users without permission to view other users’ full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20281
CVE-2020-35518 When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-35518
CVE-2020-15077 OpenVPN Access Server 2.8.7 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15077
CVE-2021-33197 In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-33197
CVE-2021-39211 GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39211
CVE-2021-41157 FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41157
CVE-2021-40128 A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-40128
CVE-2021-41532 In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41532
CVE-2021-40338 Hitachi Energy LinkOne product has a vulnerability due to a web server misconfiguration that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20, 3.22, 3.23, 3.24, 3.25, 3.26. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-40338
CVE-2022-24714 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensitive information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24714
CVE-2021-42778 A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42778
CVE-2021-42851 A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42851
CVE-2022-29526 Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29526
CVE-2022-21540 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21540
CVE-2022-21549 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21549
CVE-2022-36884 The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36884
CVE-2022-36885 Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36885
CVE-2022-23001 When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user’s assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23001
CVE-2022-23002 When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23002
CVE-2022-23003 When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23003
CVE-2022-23004 When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23004
CVE-2022-1600 The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1600
CVE-2022-31182 Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse’s default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31182
CVE-2022-31185 mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the `Hide Email Address` checkbox on their account page, or during signup. This could lead to an account’s email being leaked, which may be problematic if your email needs to remain private for any reason. Users hosting their own mprweb instance will need to upgrade to the latest commit to get this fixed. Users on the official instance will already have this issue fixed. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31185
CVE-2022-31190 DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI “mets.xml” object, as long as you know the handle URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31190
CVE-2022-34530 An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-34530
CVE-2022-31189 DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an “Internal System Error” occurs in the JSPUI, the entire exception, including the stack trace, is available. Information in this stack trace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. Users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31189
CVE-2022-35915 OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-35915
CVE-2022-35916 OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-35916
CVE-2022-34692 Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21979, CVE-2022-30134. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-34692
CVE-2022-34701 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-34701
CVE-2018-3081 Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). 5 https://nvd.nist.gov/vuln/detail/CVE-2018-3081
CVE-2016-5629 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2016-5629
CVE-2016-5630 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2016-5630
CVE-2017-3456 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily “exploitable” vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2017-3456
CVE-2017-10320 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2017-10320
CVE-2019-2627 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2019-2627
CVE-2019-2628 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2019-2628
CVE-2019-2737 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2019-2737
CVE-2020-14776 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2020-14776
CVE-2020-14789 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.9 https://nvd.nist.gov/vuln/detail/CVE-2020-14789
CVE-2021-1282 Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-1282
CVE-2021-40130 A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-40130
CVE-2021-45730 JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-45730
CVE-2022-27620 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-27620
CVE-2022-35774 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-35774
CVE-2022-35787 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-35787
CVE-2022-35800 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2022-35800
CVE-2021-39348 The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is separate from CVE-2021-24702. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-39348
CVE-2021-44717 Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44717
CVE-2022-1961 The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1961
CVE-2022-35882 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin = 1.9.1 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35882
CVE-2022-34580 Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34580
CVE-2022-35632 The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35632
CVE-2022-36378 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin = 3.0 at WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-36378
CVE-2022-0598 The Login with phone number WordPress plugin through 1.3.7 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0598
CVE-2022-1324 The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1324
CVE-2022-2170 The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2170
CVE-2022-2215 The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2215
CVE-2022-2278 The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2278
CVE-2022-2305 The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2305
CVE-2022-2325 The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2325
CVE-2022-2328 The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2328
CVE-2022-35162 Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at category/controller.php?action=edit. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35162
CVE-2022-35163 Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at category/controller.php?action=edit. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35163
CVE-2022-21979 Microsoft Exchange Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30134, CVE-2022-34692. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21979
CVE-2020-10686 A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2020-10686
CVE-2022-31175 CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5 packages in versions prior to 35.0.1. The vulnerability allowed JavaScript code to be triggered after fulfilling special conditions. The affected packages are `@ckeditor/ckeditor5-markdown-gfm`, `@ckeditor/ckeditor5-html-support`, and `@ckeditor/ckeditor5-html-embed`. The specific conditions are: 1) Using one of the affected packages. In case of `ckeditor5-html-support` and `ckeditor5-html-embed`, additionally, it was required to use a configuration that allows unsafe markup inside the editor. 2) Destroying the editor instance and 3) Initializing the editor on an element and using an element other than `textarea` as a base. The root cause of the issue was a mechanism responsible for updating the source element with the markup coming from the CKEditor 5 data pipeline after destroying the editor. This vulnerability might affect a small percent of integrators that depend on dynamic editor initialization/destroy and use Markdown, General HTML Support or HTML embed features. The problem has been recognized and patched. The fix is available in version 35.0.1. There are no known workarounds for this issue. 4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-31175
CVE-2022-30314 Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. When booting, the Safety Manager exposes the Enea POLO bootloader via this interface. Access to the boot configuration is controlled by means of credentials hardcoded in the Safety Manager firmware. The credentials for the bootloader are hardcoded in the firmware. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize these credentials to control the boot process and manipulate the unauthenticated firmware image (see FSCT-2022-0054). 4.6 https://nvd.nist.gov/vuln/detail/CVE-2022-30314
CVE-2020-35508 A flaw (possibility of race condition and incorrect initialization of the process id) was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. 4.5 https://nvd.nist.gov/vuln/detail/CVE-2020-35508
CVE-2022-21790 In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21790
CVE-2022-21791 In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21791
CVE-2022-26436 In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26436
CVE-2022-35783 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35812, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-35783
CVE-2022-35812 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35774, CVE-2022-35775, CVE-2022-35780, CVE-2022-35781, CVE-2022-35782, CVE-2022-35783, CVE-2022-35784, CVE-2022-35785, CVE-2022-35786, CVE-2022-35787, CVE-2022-35788, CVE-2022-35789, CVE-2022-35790, CVE-2022-35791, CVE-2022-35799, CVE-2022-35800, CVE-2022-35801, CVE-2022-35802, CVE-2022-35807, CVE-2022-35808, CVE-2022-35809, CVE-2022-35810, CVE-2022-35811, CVE-2022-35813, CVE-2022-35814, CVE-2022-35815, CVE-2022-35816, CVE-2022-35817, CVE-2022-35818, CVE-2022-35819. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-35812
CVE-2022-35821 Azure Sphere Information Disclosure Vulnerability. 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-35821
CVE-2021-1143 A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this vulnerability by sending specific API GET requests to an affected device. A successful exploit could allow the attacker to enumerate users of the CMX system. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-1143
CVE-2021-20283 The web service responsible for fetching other users’ enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20283
CVE-2021-1467 A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they are both participants. A successful exploit could allow the attacker to modify the avatar of the targeted user. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-1467
CVE-2021-1477 A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-1477
CVE-2021-20250 A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20250
CVE-2021-20306 A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20306
CVE-2020-10743 It was discovered that OpenShift Container Platform’s (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP’s distribution of Kibana, such as clickjacking. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-10743
CVE-2021-42337 The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42337
CVE-2021-42116 Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42116
CVE-2021-4026 bookstack is vulnerable to Improper Access Control 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-4026
CVE-2021-43793 Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-43793
CVE-2021-4089 snipe-it is vulnerable to Improper Access Control 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-4089
CVE-2021-24836 The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allow any logged-in user, such as a subscriber, to update them. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24836
CVE-2021-4111 yetiforcecrm is vulnerable to Business Logic Errors 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-4111
CVE-2021-4117 yetiforcecrm is vulnerable to Business Logic Errors 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-4117
CVE-2021-41241 Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting “advanced permissions” on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the “groupfolders” application in the admin settings. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41241
CVE-2021-32472 Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32472
CVE-2022-36886 A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36886
CVE-2022-36887 A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36887
CVE-2022-36890 Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36890
CVE-2022-36891 A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36891
CVE-2022-36892 Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36892
CVE-2022-36893 Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36893
CVE-2022-36895 A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36895
CVE-2022-36897 A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36897
CVE-2022-36898 A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36898
CVE-2022-36903 A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36903
CVE-2022-36904 Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36904
CVE-2022-36912 A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36912
CVE-2022-36913 Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36913
CVE-2022-36914 Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36914
CVE-2022-36915 Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36915
CVE-2022-36917 A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36917
CVE-2022-36918 Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36918
CVE-2022-36919 A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36919
CVE-2022-36953 In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36953
CVE-2022-1871 Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1871
CVE-2022-1872 Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1872
CVE-2022-1875 Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1875
CVE-2022-36995 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36995
CVE-2022-2479 Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2479
CVE-2016-4426 In zulip before 1.3.12, bot API keys were accessible to other users in the same realm. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2016-4426
CVE-2022-22334 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22334
CVE-2022-1561 Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1561
CVE-2022-2369 The YaySMTP WordPress plugin before 2.2.1 does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the logs of the plugin. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-2369
CVE-2022-34307 IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-34307
CVE-2022-31154 Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able to read contents of existing code monitors, only override the data. The issue is fixed in Sourcegraph 3.42. There is no workaround for the issue and patching is highly recommended. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31154
CVE-2022-31155 Sourcegraph is an open source code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31155
CVE-2022-31178 eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31178
CVE-2022-36968 In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36968
CVE-2022-27617 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-27617
CVE-2022-36800 Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the “Browse Users” permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-36800
CVE-2022-23442 An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-23442
CVE-2020-1754 In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the ‘access all groups’ capability were not restricted to viewing grades of users within their own groups. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-1754
CVE-2021-36861 Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin = 1.9.14 at WordPress allows an attacker to delete reviews. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-36861
CVE-2021-4001 A race condition was found in the Linux kernel’s ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16 rc2. 4.1 https://nvd.nist.gov/vuln/detail/CVE-2021-4001
CVE-2017-10365 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L). 3.8 https://nvd.nist.gov/vuln/detail/CVE-2017-10365
CVE-2022-27621 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. 3.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27621
CVE-2021-39212 ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml` (e.g. `<policy domain="module" rights="none" pattern="PS" />`). The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy. 3.6 https://nvd.nist.gov/vuln/detail/CVE-2021-39212
CVE-2020-13597 Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2020-13597
CVE-2021-39220 Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does not render images in emails by default, so as not to leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading. 3.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39220
CVE-2020-0368 In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143230980. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-0368
CVE-2021-21046 Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-21046
CVE-2021-32453 SITEL CAP PRX firmware version 5.2.01 allows an attacker with access to the local network to access the internal configuration database of the device via HTTP without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device's configuration. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32453
CVE-2021-20239 A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20239
CVE-2021-4016 Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2021-4016
CVE-2022-37010 In JetBrains IntelliJ IDEA before 2022.2 email address validation in the “Git User Name Is Not Defined” dialog was missed 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-37010
CVE-2022-22326 IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22326
CVE-2022-31186 NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider’s secret in the log which is thrown during OAuth error handling and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can use the `logger` configuration option to sanitize the logs. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31186
CVE-2020-15185 In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker must have write access to the index file (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the index file in the Helm repository cache before installing software. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2020-15185
CVE-2022-31177 Flask-AppBuilder is an application development framework built on top of the Flask Python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed password strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue. 2.7 https://nvd.nist.gov/vuln/detail/CVE-2022-31177
CVE-2005-0004 The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. - https://nvd.nist.gov/vuln/detail/CVE-2005-0004
CVE-2007-2401 CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. - https://nvd.nist.gov/vuln/detail/CVE-2007-2401
CVE-2007-2400 Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. - https://nvd.nist.gov/vuln/detail/CVE-2007-2400
CVE-2007-2399 WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an “invalid type conversion”, which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. - https://nvd.nist.gov/vuln/detail/CVE-2007-2399
CVE-2007-3757 Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted “tel:” link that causes iPhone to display a different number than the number that will be dialed. - https://nvd.nist.gov/vuln/detail/CVE-2007-3757
CVE-2007-3756 Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. - https://nvd.nist.gov/vuln/detail/CVE-2007-3756
CVE-2007-3755 Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a “tel:” link, which does not prompt the user before dialing the number. - https://nvd.nist.gov/vuln/detail/CVE-2007-3755
CVE-2007-3754 Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. - https://nvd.nist.gov/vuln/detail/CVE-2007-3754
CVE-2007-3753 Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation. - https://nvd.nist.gov/vuln/detail/CVE-2007-3753
CVE-2007-4671 Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to “alter or access” HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. - https://nvd.nist.gov/vuln/detail/CVE-2007-4671
CVE-2007-3761 Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. - https://nvd.nist.gov/vuln/detail/CVE-2007-3761
CVE-2007-3760 Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. - https://nvd.nist.gov/vuln/detail/CVE-2007-3760
CVE-2007-3759 Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect. - https://nvd.nist.gov/vuln/detail/CVE-2007-3759
CVE-2007-3758 Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. - https://nvd.nist.gov/vuln/detail/CVE-2007-3758
CVE-2007-5450 Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file. - https://nvd.nist.gov/vuln/detail/CVE-2007-5450
CVE-2007-5858 WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to “navigate the subframes of any other page,” which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. - https://nvd.nist.gov/vuln/detail/CVE-2007-5858
CVE-2008-0035 Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. - https://nvd.nist.gov/vuln/detail/CVE-2008-0035
CVE-2008-0034 Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. - https://nvd.nist.gov/vuln/detail/CVE-2008-0034
CVE-2008-0729 Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information. - https://nvd.nist.gov/vuln/detail/CVE-2008-0729
CVE-2008-2317 WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590. - https://nvd.nist.gov/vuln/detail/CVE-2008-2317
CVE-2008-2303 Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307. - https://nvd.nist.gov/vuln/detail/CVE-2008-2303
CVE-2008-1590 JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317. - https://nvd.nist.gov/vuln/detail/CVE-2008-1590
CVE-2008-1589 Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. - https://nvd.nist.gov/vuln/detail/CVE-2008-1589
CVE-2008-1588 Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. - https://nvd.nist.gov/vuln/detail/CVE-2008-1588
CVE-2008-3632 Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. - https://nvd.nist.gov/vuln/detail/CVE-2008-3632
CVE-2008-1586 ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image. - https://nvd.nist.gov/vuln/detail/CVE-2008-1586
CVE-2008-4227 Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. - https://nvd.nist.gov/vuln/detail/CVE-2008-4227
CVE-2008-4228 The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. - https://nvd.nist.gov/vuln/detail/CVE-2008-4228
CVE-2008-4229 Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. - https://nvd.nist.gov/vuln/detail/CVE-2008-4229
CVE-2008-4230 The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. - https://nvd.nist.gov/vuln/detail/CVE-2008-4230
CVE-2008-4231 Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - https://nvd.nist.gov/vuln/detail/CVE-2008-4231
CVE-2008-4232 Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME’s content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. - https://nvd.nist.gov/vuln/detail/CVE-2008-4232
CVE-2008-4233 Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. - https://nvd.nist.gov/vuln/detail/CVE-2008-4233
CVE-2009-1698 WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - https://nvd.nist.gov/vuln/detail/CVE-2009-1698
CVE-2009-1699 The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an “XXE attack.” - https://nvd.nist.gov/vuln/detail/CVE-2009-1699
CVE-2009-1700 The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. - https://nvd.nist.gov/vuln/detail/CVE-2009-1700
CVE-2009-1701 Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. - https://nvd.nist.gov/vuln/detail/CVE-2009-1701
CVE-2009-1702 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. - https://nvd.nist.gov/vuln/detail/CVE-2009-1702
CVE-2009-0958 Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. - https://nvd.nist.gov/vuln/detail/CVE-2009-0958
CVE-2009-0959 The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an “input validation issue.” - https://nvd.nist.gov/vuln/detail/CVE-2009-0959
CVE-2009-0960 The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL. - https://nvd.nist.gov/vuln/detail/CVE-2009-0960
CVE-2009-0961 The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert. - https://nvd.nist.gov/vuln/detail/CVE-2009-0961
CVE-2009-1679 The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. - https://nvd.nist.gov/vuln/detail/CVE-2009-1679
CVE-2009-1680 Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history. - https://nvd.nist.gov/vuln/detail/CVE-2009-1680
CVE-2009-1683 The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a “logic issue.” - https://nvd.nist.gov/vuln/detail/CVE-2009-1683
CVE-2009-1692 WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. - https://nvd.nist.gov/vuln/detail/CVE-2009-1692
CVE-2009-1724 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. - https://nvd.nist.gov/vuln/detail/CVE-2009-1724
CVE-2009-1725 WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - https://nvd.nist.gov/vuln/detail/CVE-2009-1725
CVE-2009-2199 Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. - https://nvd.nist.gov/vuln/detail/CVE-2009-2199
CVE-2009-2206 Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table. - https://nvd.nist.gov/vuln/detail/CVE-2009-2206
CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a “plaintext injection” attack, aka the “Project Mogul” issue. - https://nvd.nist.gov/vuln/detail/CVE-2009-3555
CVE-2010-1387 Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. - https://nvd.nist.gov/vuln/detail/CVE-2010-1387
CVE-2010-1407 WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. - https://nvd.nist.gov/vuln/detail/CVE-2010-1407
CVE-2010-1751 Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors. - https://nvd.nist.gov/vuln/detail/CVE-2010-1751
CVE-2010-1752 Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling. - https://nvd.nist.gov/vuln/detail/CVE-2010-1752
CVE-2010-1753 ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image. - https://nvd.nist.gov/vuln/detail/CVE-2010-1753
CVE-2010-1754 Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors. - https://nvd.nist.gov/vuln/detail/CVE-2010-1754
CVE-2010-1755 Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. - https://nvd.nist.gov/vuln/detail/CVE-2010-1755
CVE-2010-1756 The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network. - https://nvd.nist.gov/vuln/detail/CVE-2010-1756
CVE-2010-1757 WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document. - https://nvd.nist.gov/vuln/detail/CVE-2010-1757
CVE-2010-1775 Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. - https://nvd.nist.gov/vuln/detail/CVE-2010-1775
CVE-2010-2965 The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804. - https://nvd.nist.gov/vuln/detail/CVE-2010-2965
CVE-2010-2973 Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe. - https://nvd.nist.gov/vuln/detail/CVE-2010-2973
CVE-2010-1781 Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element. - https://nvd.nist.gov/vuln/detail/CVE-2010-1781
CVE-2010-1809 The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors. - https://nvd.nist.gov/vuln/detail/CVE-2010-1809
CVE-2010-1810 FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. - https://nvd.nist.gov/vuln/detail/CVE-2010-1810
CVE-2010-1811 ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file. - https://nvd.nist.gov/vuln/detail/CVE-2010-1811
CVE-2010-1812 Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections. - https://nvd.nist.gov/vuln/detail/CVE-2010-1812
CVE-2010-1813 WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. - https://nvd.nist.gov/vuln/detail/CVE-2010-1813
CVE-2010-1814 WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus. - https://nvd.nist.gov/vuln/detail/CVE-2010-1814
CVE-2010-1815 Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. - https://nvd.nist.gov/vuln/detail/CVE-2010-1815
CVE-2010-1817 Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. - https://nvd.nist.gov/vuln/detail/CVE-2010-1817
CVE-2010-3832 Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field. - https://nvd.nist.gov/vuln/detail/CVE-2010-3832
CVE-2010-4180 OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. - https://nvd.nist.gov/vuln/detail/CVE-2010-4180
CVE-2011-1344 Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. - https://nvd.nist.gov/vuln/detail/CVE-2011-1344
CVE-2012-0876 The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. - https://nvd.nist.gov/vuln/detail/CVE-2012-0876
CVE-2012-2386 Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. - https://nvd.nist.gov/vuln/detail/CVE-2012-2386
CVE-2012-2648 Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser. - https://nvd.nist.gov/vuln/detail/CVE-2012-2648
CVE-2012-1702 Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors. - https://nvd.nist.gov/vuln/detail/CVE-2012-1702
CVE-2013-1861 MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. - https://nvd.nist.gov/vuln/detail/CVE-2013-1861
CVE-2013-1523 Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer. - https://nvd.nist.gov/vuln/detail/CVE-2013-1523
CVE-2013-3801 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. - https://nvd.nist.gov/vuln/detail/CVE-2013-3801
CVE-2013-5807 Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication. - https://nvd.nist.gov/vuln/detail/CVE-2013-5807
CVE-2014-2440 Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. - https://nvd.nist.gov/vuln/detail/CVE-2014-2440
CVE-2014-3515 The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to “type confusion” issues in (1) ArrayObject and (2) SPLObjectStorage. - https://nvd.nist.gov/vuln/detail/CVE-2014-3515
CVE-2014-8964 Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. - https://nvd.nist.gov/vuln/detail/CVE-2014-8964
CVE-2014-9425 Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - https://nvd.nist.gov/vuln/detail/CVE-2014-9425
CVE-2015-1351 Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - https://nvd.nist.gov/vuln/detail/CVE-2015-1351
CVE-2015-2568 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. - https://nvd.nist.gov/vuln/detail/CVE-2015-2568
CVE-2015-4879 Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. - https://nvd.nist.gov/vuln/detail/CVE-2015-4879
CVE-2022-35924 NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider` either in versions before `4.10.3` or `3.29.10` are affected. If an attacker could forge a request that sent a comma-separated list of emails (e.g. `,`) to the sign-in endpoint, NextAuth.js would send emails to both the attacker and the victim’s e-mail addresses. The attacker could then login as a newly created user with the email being `,`. This means that basic authorization like `email.endsWith("@victim.com")` in the `signIn` callback would fail to communicate a threat to the developer and would let the attacker bypass authorization, even with an `@attacker.com` address. This vulnerability has been patched in `v4.10.3` and `v3.29.10` by normalizing the email value that is sent to the sign-in endpoint before accessing it anywhere else. We also added a `normalizeIdentifier` callback on the `EmailProvider` configuration, where you can further tweak your requirements for what your system considers a valid e-mail address (e.g. strict RFC2821 compliance). Users are advised to upgrade. There are no known workarounds for this vulnerability. If for some reason you cannot upgrade, you can normalize the incoming request using Advanced Initialization. - https://nvd.nist.gov/vuln/detail/CVE-2022-35924
CVE-2022-29807 A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. - https://nvd.nist.gov/vuln/detail/CVE-2022-29807
CVE-2022-29808 In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. - https://nvd.nist.gov/vuln/detail/CVE-2022-29808
CVE-2022-30285 In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. - https://nvd.nist.gov/vuln/detail/CVE-2022-30285
CVE-2022-36967 In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator’s web session. This would allow the attacker to execute code within the context of the victim’s browser. - https://nvd.nist.gov/vuln/detail/CVE-2022-36967
CVE-2022-33917 An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory. - https://nvd.nist.gov/vuln/detail/CVE-2022-33917
CVE-2022-37035 An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data and bgp_process_packet in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. - https://nvd.nist.gov/vuln/detail/CVE-2022-37035
CVE-2022-27616 Improper neutralization of special elements used in an OS command (’OS Command Injection’) vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. - https://nvd.nist.gov/vuln/detail/CVE-2022-27616
CVE-2022-35737 SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. - https://nvd.nist.gov/vuln/detail/CVE-2022-35737
CVE-2022-37394 An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected. - https://nvd.nist.gov/vuln/detail/CVE-2022-37394
CVE-2022-27484 An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. - https://nvd.nist.gov/vuln/detail/CVE-2022-27484
CVE-2022-34973 D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. - https://nvd.nist.gov/vuln/detail/CVE-2022-34973
CVE-2022-34974 D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. - https://nvd.nist.gov/vuln/detail/CVE-2022-34974
CVE-2022-35619 D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main. - https://nvd.nist.gov/vuln/detail/CVE-2022-35619
CVE-2022-35620 D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main. - https://nvd.nist.gov/vuln/detail/CVE-2022-35620
CVE-2022-28684 This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710. - https://nvd.nist.gov/vuln/detail/CVE-2022-28684
CVE-2022-35866 This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139. - https://nvd.nist.gov/vuln/detail/CVE-2022-35866
CVE-2022-37396 In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution - https://nvd.nist.gov/vuln/detail/CVE-2022-37396
CVE-2022-35928 AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Password lengths were not checked before being read. This vulnerability may lead to buffer overruns. This does _not_ affect source code found on aescrypt.com, nor is the vulnerability present when providing a password or a key via the `-p` or `-k` command-line options. The problem was fixed in commit 68761851b and will be included in release 3.16. Users are advised to upgrade. Users unable to upgrade should use the `-p` or `-k` options to provide a password or key. - https://nvd.nist.gov/vuln/detail/CVE-2022-35928
CVE-2022-35158 A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script. - https://nvd.nist.gov/vuln/detail/CVE-2022-35158
CVE-2022-35161 GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp. - https://nvd.nist.gov/vuln/detail/CVE-2022-35161
CVE-2022-35505 A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command. - https://nvd.nist.gov/vuln/detail/CVE-2022-35505
CVE-2022-35506 TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters. - https://nvd.nist.gov/vuln/detail/CVE-2022-35506
CVE-2022-27166 A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. - https://nvd.nist.gov/vuln/detail/CVE-2022-27166
CVE-2022-28730 A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later. - https://nvd.nist.gov/vuln/detail/CVE-2022-28730
CVE-2022-28731 A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page. - https://nvd.nist.gov/vuln/detail/CVE-2022-28731
CVE-2022-28732 A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later. - https://nvd.nist.gov/vuln/detail/CVE-2022-28732
CVE-2022-34158 A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker’s account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page. - https://nvd.nist.gov/vuln/detail/CVE-2022-34158
CVE-2022-2647 A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file api . The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2647
CVE-2022-2651 Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. - https://nvd.nist.gov/vuln/detail/CVE-2022-2651
CVE-2022-2652 Depending on the way the format strings in the card label are crafted it’s possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). - https://nvd.nist.gov/vuln/detail/CVE-2022-2652
CVE-2022-2653 With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system. - https://nvd.nist.gov/vuln/detail/CVE-2022-2653
CVE-2022-2656 A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596. - https://nvd.nist.gov/vuln/detail/CVE-2022-2656
CVE-2022-25168 Apache Hadoop’s FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. “Check existence of file before untarring/zipping”, which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). - https://nvd.nist.gov/vuln/detail/CVE-2022-25168
CVE-2022-31118 Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`. - https://nvd.nist.gov/vuln/detail/CVE-2022-31118
CVE-2022-31120 Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available. - https://nvd.nist.gov/vuln/detail/CVE-2022-31120
CVE-2022-31132 Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommended to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php` - https://nvd.nist.gov/vuln/detail/CVE-2022-31132
CVE-2022-30535 In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-30535
CVE-2022-31119 Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration. - https://nvd.nist.gov/vuln/detail/CVE-2022-31119
CVE-2022-31473 In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-31473
CVE-2022-32455 In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-32455
CVE-2022-33203 In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-33203
CVE-2022-33947 In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-33947
CVE-2022-33962 In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-33962
CVE-2022-33968 In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-33968
CVE-2022-34651 In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-34651
CVE-2022-34655 In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-34655
CVE-2022-34844 In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK) Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker’s control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-34844
CVE-2022-34851 In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-34851
CVE-2022-34862 In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-34862
CVE-2022-34865 In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-34865
CVE-2022-35236 In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-35236
CVE-2022-35240 In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-35240
CVE-2022-35241 In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-35241
CVE-2022-35243 In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-35243
CVE-2022-35245 In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-35245
CVE-2022-35272 In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-35272
CVE-2022-35728 In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user’s iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-35728
CVE-2022-35735 In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. - https://nvd.nist.gov/vuln/detail/CVE-2022-35735
CVE-2022-34970 Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service. - https://nvd.nist.gov/vuln/detail/CVE-2022-34970
CVE-2022-34993 Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard-coded password for root in /etc/shadow.sample. - https://nvd.nist.gov/vuln/detail/CVE-2022-34993
CVE-2022-35929 cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to “custom”). This can happen when signing with a standard keypair and with “keyless” signing with Fulcio. This vulnerability can be reproduced with the `distroless.dev/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2` image. This image has a `vuln` attestation but not an `spdx` attestation. However, if you run `cosign verify-attestation --type=spdx` on this image, it incorrectly succeeds. This issue has been addressed in version 1.10.1 of cosign. Users are advised to upgrade. There are no known workarounds for this issue. - https://nvd.nist.gov/vuln/detail/CVE-2022-35929
CVE-2022-35142 An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. - https://nvd.nist.gov/vuln/detail/CVE-2022-35142
CVE-2022-35143 Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. - https://nvd.nist.gov/vuln/detail/CVE-2022-35143
CVE-2022-35144 Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-35144
CVE-2022-35858 The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount. - https://nvd.nist.gov/vuln/detail/CVE-2022-35858
CVE-2021-32771 Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7. Users unable to upgrade may apply the patch in Contiki-NG PR #1615. - https://nvd.nist.gov/vuln/detail/CVE-2021-32771
CVE-2022-35926 Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, `uip_buf`, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires ipv6 be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch. Users unable to upgrade may apply the patch in Contiki-NG PR #1654. - https://nvd.nist.gov/vuln/detail/CVE-2022-35926
CVE-2022-35927 Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version prior to 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. There are no workarounds for this issue. - https://nvd.nist.gov/vuln/detail/CVE-2022-35927
CVE-2022-31793 do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. - https://nvd.nist.gov/vuln/detail/CVE-2022-31793
CVE-2022-35930 PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to “custom”). An example image that can be used to test this is `ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2`. Users should upgrade to version 0.2.1 to resolve this issue. There are no workarounds for users unable to upgrade. - https://nvd.nist.gov/vuln/detail/CVE-2022-35930
CVE-2022-37030 Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. - https://nvd.nist.gov/vuln/detail/CVE-2022-37030
CVE-2022-37415 The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008. - https://nvd.nist.gov/vuln/detail/CVE-2022-37415
CVE-2022-21186 The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. - https://nvd.nist.gov/vuln/detail/CVE-2022-21186
CVE-2022-37416 Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8. - https://nvd.nist.gov/vuln/detail/CVE-2022-37416
CVE-2022-37434 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). - https://nvd.nist.gov/vuln/detail/CVE-2022-37434
CVE-2022-2664 A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2664
CVE-2022-2665 A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of the argument post_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205615. - https://nvd.nist.gov/vuln/detail/CVE-2022-2665
CVE-2022-2667 A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619. - https://nvd.nist.gov/vuln/detail/CVE-2022-2667
CVE-2022-2671 A vulnerability was found in SourceCodester Garage Management System and classified as critical. This issue affects some unknown processing of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205655. - https://nvd.nist.gov/vuln/detail/CVE-2022-2671
CVE-2022-2672 A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656. - https://nvd.nist.gov/vuln/detail/CVE-2022-2672
CVE-2022-2673 A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2673
CVE-2022-2674 A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205658 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2674
CVE-2022-35936 Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount` function, all contracts that used the identical bytecode (i.e. shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract’s code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state. - https://nvd.nist.gov/vuln/detail/CVE-2022-35936
CVE-2022-1012 A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem. - https://nvd.nist.gov/vuln/detail/CVE-2022-1012
CVE-2022-1704 Due to an XML external entity reference, the software parses XML in the backup restore functionality without XML security flags, which may lead to an XXE attack while restoring the backup. - https://nvd.nist.gov/vuln/detail/CVE-2022-1704
CVE-2022-2053 When a request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow’s AjpServerRequestConduit implementation closes a connection without sending any response to the client proxy. This behavior results in a front-end proxy marking the backend worker application server as being in an error state and not forwarding requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in “All workers are in error state” and mod_cluster responds “503 Service Unavailable” for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the “retry” timeout passes. However, luckily, mod_proxy_balancer has “forcerecovery” setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state). So, unlike mod_cluster, mod_proxy_balancer does not result in responding “503 Service Unavailable”. An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2. - https://nvd.nist.gov/vuln/detail/CVE-2022-2053
CVE-2022-2095 An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project’s Deploy Key’s public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key. - https://nvd.nist.gov/vuln/detail/CVE-2022-2095
CVE-2022-2303 An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA. - https://nvd.nist.gov/vuln/detail/CVE-2022-2303
CVE-2022-2307 A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited. - https://nvd.nist.gov/vuln/detail/CVE-2022-2307
CVE-2022-2326 An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user’s email address as an unverified secondary email. - https://nvd.nist.gov/vuln/detail/CVE-2022-2326
CVE-2022-2417 Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project. - https://nvd.nist.gov/vuln/detail/CVE-2022-2417
CVE-2022-2456 An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious request. - https://nvd.nist.gov/vuln/detail/CVE-2022-2456
CVE-2022-2459 An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled. - https://nvd.nist.gov/vuln/detail/CVE-2022-2459
CVE-2022-2497 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious maintainer could exfiltrate an integration’s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. - https://nvd.nist.gov/vuln/detail/CVE-2022-2497
CVE-2022-2498 An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription’s author. - https://nvd.nist.gov/vuln/detail/CVE-2022-2498
CVE-2022-2499 An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab’s Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues. - https://nvd.nist.gov/vuln/detail/CVE-2022-2499
CVE-2022-2500 A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side. - https://nvd.nist.gov/vuln/detail/CVE-2022-2500
CVE-2022-2501 An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required. - https://nvd.nist.gov/vuln/detail/CVE-2022-2501
CVE-2022-2512 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing former project members to read updates via TODOs. - https://nvd.nist.gov/vuln/detail/CVE-2022-2512
CVE-2022-2531 An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2531
CVE-2022-2534 An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration. - https://nvd.nist.gov/vuln/detail/CVE-2022-2534
CVE-2022-2539 An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, which allowed a project member to filter issues by contact and organization. - https://nvd.nist.gov/vuln/detail/CVE-2022-2539
CVE-2022-31656 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. - https://nvd.nist.gov/vuln/detail/CVE-2022-31656
CVE-2022-31657 VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. - https://nvd.nist.gov/vuln/detail/CVE-2022-31657
CVE-2022-31658 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. - https://nvd.nist.gov/vuln/detail/CVE-2022-31658
CVE-2022-31659 VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. - https://nvd.nist.gov/vuln/detail/CVE-2022-31659
CVE-2022-31660 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’. - https://nvd.nist.gov/vuln/detail/CVE-2022-31660
CVE-2022-31661 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to ‘root’. - https://nvd.nist.gov/vuln/detail/CVE-2022-31661
CVE-2022-31662 VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. - https://nvd.nist.gov/vuln/detail/CVE-2022-31662
CVE-2022-31663 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user’s window. - https://nvd.nist.gov/vuln/detail/CVE-2022-31663
CVE-2022-31664 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’. - https://nvd.nist.gov/vuln/detail/CVE-2022-31664
CVE-2022-31665 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. - https://nvd.nist.gov/vuln/detail/CVE-2022-31665
CVE-2022-33714 Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. - https://nvd.nist.gov/vuln/detail/CVE-2022-33714
CVE-2022-33715 Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. - https://nvd.nist.gov/vuln/detail/CVE-2022-33715
CVE-2022-33716 An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. - https://nvd.nist.gov/vuln/detail/CVE-2022-33716
CVE-2022-33717 A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. - https://nvd.nist.gov/vuln/detail/CVE-2022-33717
CVE-2022-33718 An improper access control vulnerability in Wi-Fi Service prior to SMR Aug-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. - https://nvd.nist.gov/vuln/detail/CVE-2022-33718
CVE-2022-33719 Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. - https://nvd.nist.gov/vuln/detail/CVE-2022-33719
CVE-2022-33720 Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. - https://nvd.nist.gov/vuln/detail/CVE-2022-33720
CVE-2022-33721 A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. - https://nvd.nist.gov/vuln/detail/CVE-2022-33721
CVE-2022-33722 Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. - https://nvd.nist.gov/vuln/detail/CVE-2022-33722
CVE-2022-33723 Vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking overlay attack. - https://nvd.nist.gov/vuln/detail/CVE-2022-33723
CVE-2022-33724 Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. - https://nvd.nist.gov/vuln/detail/CVE-2022-33724
CVE-2022-33725 A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. - https://nvd.nist.gov/vuln/detail/CVE-2022-33725
CVE-2022-33726 Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. - https://nvd.nist.gov/vuln/detail/CVE-2022-33726
CVE-2022-33727 Vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking overlay attack. - https://nvd.nist.gov/vuln/detail/CVE-2022-33727
CVE-2022-33728 Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Global. - https://nvd.nist.gov/vuln/detail/CVE-2022-33728
CVE-2022-33729 Improper restriction of broadcasting Intent in ConfirmConnectActivity of NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device. - https://nvd.nist.gov/vuln/detail/CVE-2022-33729
CVE-2022-33730 Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. - https://nvd.nist.gov/vuln/detail/CVE-2022-33730
CVE-2022-33731 Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. - https://nvd.nist.gov/vuln/detail/CVE-2022-33731
CVE-2022-33732 Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. - https://nvd.nist.gov/vuln/detail/CVE-2022-33732
CVE-2022-33733 Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. - https://nvd.nist.gov/vuln/detail/CVE-2022-33733
CVE-2022-33734 Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. - https://nvd.nist.gov/vuln/detail/CVE-2022-33734
CVE-2022-34768 Supersmart.me - Walk Through: performing unauthorized actions on other customers. Supersmart.me has a product designed to conduct smart shopping in stores. The customer receives a coder or uses an Android application to scan the QR code on the cart at the beginning of the purchase, and then all the products he wants to purchase. At the end of the purchase the customer can pay independently. During the research it was discovered that it is possible to reset another customer’s cart without verification, because the number of purchases is serial. - https://nvd.nist.gov/vuln/detail/CVE-2022-34768
CVE-2022-34769 Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to log in. After logging in to the system, there are some functionalities that the specific user is not allowed to perform. However, all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter, and then the attacker can access sensitive data that he is not supposed to access because it belongs to another user. - https://nvd.nist.gov/vuln/detail/CVE-2022-34769
CVE-2022-36284 Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page. - https://nvd.nist.gov/vuln/detail/CVE-2022-36284
CVE-2022-36296 Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete. - https://nvd.nist.gov/vuln/detail/CVE-2022-36296
CVE-2022-36829 PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. - https://nvd.nist.gov/vuln/detail/CVE-2022-36829
CVE-2022-36830 PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. - https://nvd.nist.gov/vuln/detail/CVE-2022-36830
CVE-2022-36831 Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission. - https://nvd.nist.gov/vuln/detail/CVE-2022-36831
CVE-2022-36832 Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege. - https://nvd.nist.gov/vuln/detail/CVE-2022-36832
CVE-2022-36833 Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name. - https://nvd.nist.gov/vuln/detail/CVE-2022-36833
CVE-2022-36834 Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. - https://nvd.nist.gov/vuln/detail/CVE-2022-36834
CVE-2022-36835 Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. - https://nvd.nist.gov/vuln/detail/CVE-2022-36835
CVE-2022-36836 Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. - https://nvd.nist.gov/vuln/detail/CVE-2022-36836
CVE-2022-36837 Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. - https://nvd.nist.gov/vuln/detail/CVE-2022-36837
CVE-2022-36838 Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. - https://nvd.nist.gov/vuln/detail/CVE-2022-36838
CVE-2022-36839 SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. - https://nvd.nist.gov/vuln/detail/CVE-2022-36839
CVE-2022-36840 DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. - https://nvd.nist.gov/vuln/detail/CVE-2022-36840
CVE-2021-28511 This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass. - https://nvd.nist.gov/vuln/detail/CVE-2021-28511
CVE-2022-1158 A flaw was found in KVM. When updating a guest’s page table entry, vm_pgoff was improperly used as the offset to get the page’s pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. - https://nvd.nist.gov/vuln/detail/CVE-2022-1158
CVE-2022-1973 A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem. - https://nvd.nist.gov/vuln/detail/CVE-2022-1973
CVE-2022-27535 Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its ‘Delete All Service Data And Reports’ feature by the local authenticated attacker. - https://nvd.nist.gov/vuln/detail/CVE-2022-27535
CVE-2022-28880 A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products whereby scanning fuzzed PE32-bit files can crash the scanning engine. The exploit can be triggered remotely by an attacker. - https://nvd.nist.gov/vuln/detail/CVE-2022-28880
CVE-2022-29071 This advisory documents an internally found vulnerability in the on-premises deployment model of Arista CloudVision Portal (CVP) where, under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users. - https://nvd.nist.gov/vuln/detail/CVE-2022-29071
CVE-2022-2668 An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. - https://nvd.nist.gov/vuln/detail/CVE-2022-2668
CVE-2022-2675 Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 using firmware version 0.1.35 can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1. - https://nvd.nist.gov/vuln/detail/CVE-2022-2675
CVE-2022-37398 A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below. - https://nvd.nist.gov/vuln/detail/CVE-2022-37398
CVE-2022-22299 A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. - https://nvd.nist.gov/vuln/detail/CVE-2022-22299
CVE-2022-2676 A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component Request Handler. The manipulation of the argument user_email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205664. - https://nvd.nist.gov/vuln/detail/CVE-2022-2676
CVE-2022-2677 A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ‘ AND SELECT 4955 FROM SELECT SLEEP 5 RSzF AND ‘htiy’=‘htiy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205665 was assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2677
CVE-2022-2678 A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2678
CVE-2022-2679 A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file viewReport.php. The manipulation of the argument id with the input UPDATEXML 9729,CONCAT 0x2e,0x716b707071, SELECT ELT 9729=9729,1 ,0x7162766a71 ,7319 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667. - https://nvd.nist.gov/vuln/detail/CVE-2022-2679
CVE-2022-2680 A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file login.php. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205668. - https://nvd.nist.gov/vuln/detail/CVE-2022-2680
CVE-2022-2681 A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input --redacted-- leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2022-2681
CVE-2022-37450 Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022. - https://nvd.nist.gov/vuln/detail/CVE-2022-37450
CVE-2022-26376 A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7. A specially crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-26376
CVE-2022-27631 A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-27631
CVE-2022-29465 An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-29465
CVE-2022-29886 An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-29886
CVE-2022-32543 An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-32543
CVE-2022-2686 A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205725 was assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2686
CVE-2022-2687 A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205734 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2687
CVE-2022-2688 A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component Parameter Handler. The manipulation of the argument fromto leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-205811. - https://nvd.nist.gov/vuln/detail/CVE-2022-2688
CVE-2022-2689 A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file whbs?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205812. - https://nvd.nist.gov/vuln/detail/CVE-2022-2689
CVE-2022-2690 A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file whbs?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205813 was assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2690
CVE-2022-2691 A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file whbs?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205814 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2691
CVE-2022-2692 A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file whbsadmin?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205815. - https://nvd.nist.gov/vuln/detail/CVE-2022-2692
CVE-2022-2693 A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205816. - https://nvd.nist.gov/vuln/detail/CVE-2022-2693
CVE-2022-2694 A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205817 was assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2694
CVE-2022-37451 Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. - https://nvd.nist.gov/vuln/detail/CVE-2022-37451
CVE-2022-27944 Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference. - https://nvd.nist.gov/vuln/detail/CVE-2022-27944
CVE-2022-26979 Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL. - https://nvd.nist.gov/vuln/detail/CVE-2022-26979
CVE-2022-37452 Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. - https://nvd.nist.gov/vuln/detail/CVE-2022-37452
CVE-2022-2697 A vulnerability was found in SourceCodester Simple E-Learning System. It has been classified as critical. Affected is an unknown function of the file comment_frame.php. The manipulation of the argument post_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205818 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2697
CVE-2022-2698 A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205819. - https://nvd.nist.gov/vuln/detail/CVE-2022-2698
CVE-2022-2699 A vulnerability was found in SourceCodester Simple E-Learning System. It has been rated as critical. Affected by this issue is some unknown functionality of the file claire_blake. The manipulation of the argument phoneNumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205820. - https://nvd.nist.gov/vuln/detail/CVE-2022-2699
CVE-2022-2700 A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument day leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205821 was assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2700
CVE-2022-2701 A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. This vulnerability affects unknown code of the file claire_blake. The manipulation of the argument Bio leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205822 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2701
CVE-2022-2702 A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2702
CVE-2022-2703 A vulnerability was found in SourceCodester Gym Management System. It has been classified as critical. This affects an unknown part of the component Exercises Module. The manipulation of the argument exer leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205827. - https://nvd.nist.gov/vuln/detail/CVE-2022-2703
CVE-2022-2704 A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as problematic. This vulnerability affects unknown code of the file downloadFiles.php. The manipulation of the argument download leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205828. - https://nvd.nist.gov/vuln/detail/CVE-2022-2704
CVE-2022-2705 A vulnerability was found in SourceCodester Simple Student Information System. It has been rated as critical. This issue affects some unknown processing of the file admindepartmentsmanage_department.php. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205829 was assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2705
CVE-2022-2706 A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file pagesclass_sched.php. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205830 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2706
CVE-2022-2707 A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. Affected by this vulnerability is an unknown functionality of the file pagesfaculty_sched.php. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205831. - https://nvd.nist.gov/vuln/detail/CVE-2022-2707
CVE-2022-2708 A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_login with the input . Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-205833 was assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2708
CVE-2022-1323 The Discy WordPress theme before 5.0 lacks authorization checks when processing ajax requests to the discy_update_options action, allowing any logged in users with privileges as low as Subscriber, to change Theme options by sending a crafted POST request. - https://nvd.nist.gov/vuln/detail/CVE-2022-1323
CVE-2022-2046 The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations. - https://nvd.nist.gov/vuln/detail/CVE-2022-2046
CVE-2022-2269 The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection. - https://nvd.nist.gov/vuln/detail/CVE-2022-2269
CVE-2022-2355 The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user’s username (includes the admin). - https://nvd.nist.gov/vuln/detail/CVE-2022-2355
CVE-2022-2356 The Frontend File Manager Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. - https://nvd.nist.gov/vuln/detail/CVE-2022-2356
CVE-2022-2357 The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php. - https://nvd.nist.gov/vuln/detail/CVE-2022-2357
CVE-2022-2367 The WSM Downloader WordPress plugin through 1.4.0 only allows image files to be downloaded from specific popular websites; this can be bypassed due to the lack of good “link” parameter validation. - https://nvd.nist.gov/vuln/detail/CVE-2022-2367
CVE-2022-2371 The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attacks due to the lack of escaping in them as well. - https://nvd.nist.gov/vuln/detail/CVE-2022-2371
CVE-2022-2372 The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). - https://nvd.nist.gov/vuln/detail/CVE-2022-2372
CVE-2022-2386 The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting - https://nvd.nist.gov/vuln/detail/CVE-2022-2386
CVE-2022-2391 The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. - https://nvd.nist.gov/vuln/detail/CVE-2022-2391
CVE-2022-2395 The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. - https://nvd.nist.gov/vuln/detail/CVE-2022-2395
CVE-2022-2398 The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed - https://nvd.nist.gov/vuln/detail/CVE-2022-2398
CVE-2022-2409 The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. - https://nvd.nist.gov/vuln/detail/CVE-2022-2409
CVE-2022-2410 The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) - https://nvd.nist.gov/vuln/detail/CVE-2022-2410
CVE-2022-2411 The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) - https://nvd.nist.gov/vuln/detail/CVE-2022-2411
CVE-2022-2412 The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) - https://nvd.nist.gov/vuln/detail/CVE-2022-2412
CVE-2022-2423 The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) - https://nvd.nist.gov/vuln/detail/CVE-2022-2423
CVE-2022-2424 The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) - https://nvd.nist.gov/vuln/detail/CVE-2022-2424
CVE-2022-2425 The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) - https://nvd.nist.gov/vuln/detail/CVE-2022-2425
CVE-2022-2426 The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators. - https://nvd.nist.gov/vuln/detail/CVE-2022-2426
CVE-2022-2460 The WPDating WordPress plugin through 7.1.9 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities. - https://nvd.nist.gov/vuln/detail/CVE-2022-2460
CVE-2022-35487 Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files. - https://nvd.nist.gov/vuln/detail/CVE-2022-35487
CVE-2022-35488 In Zammad 5.2.0, an attacker could manipulate the rate limiting in the ‘forgot password’ feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim. - https://nvd.nist.gov/vuln/detail/CVE-2022-35488
CVE-2022-35489 In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned. - https://nvd.nist.gov/vuln/detail/CVE-2022-35489
CVE-2022-35490 Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a prevention against brute-force attacks trying to guess login credentials. After a configurable amount of attempts, users are invalidated and logins prevented. An attacker might work around this prevention, enabling them to send more than the configured amount of requests before the user invalidation takes place. - https://nvd.nist.gov/vuln/detail/CVE-2022-35490
CVE-2022-2713 Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. - https://nvd.nist.gov/vuln/detail/CVE-2022-2713
CVE-2022-35493 A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter. - https://nvd.nist.gov/vuln/detail/CVE-2022-35493
CVE-2022-36264 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and appending a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file. - https://nvd.nist.gov/vuln/detail/CVE-2022-36264
CVE-2022-36265 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device. - https://nvd.nist.gov/vuln/detail/CVE-2022-36265
CVE-2022-36266 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will result in the injection of malicious scripts into the user settings page. - https://nvd.nist.gov/vuln/detail/CVE-2022-36266
CVE-2022-36267 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious HTTP request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device. - https://nvd.nist.gov/vuln/detail/CVE-2022-36267
CVE-2022-34293 wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. - https://nvd.nist.gov/vuln/detail/CVE-2022-34293
CVE-2021-41615 websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE: 2.1.8 is a version from 2003; however, the affected websda.c code appears in multiple derivative works that may be used in 2021. Recent GoAhead software is unaffected. - https://nvd.nist.gov/vuln/detail/CVE-2021-41615
CVE-2022-25907 The package ts-deepmerge before 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function. - https://nvd.nist.gov/vuln/detail/CVE-2022-25907
CVE-2022-2715 A vulnerability has been found in SourceCodester Employee Management System and classified as critical. This vulnerability affects unknown code of the file eloginwel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205834 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2715
CVE-2022-2722 A vulnerability was found in SourceCodester Simple Student Information System and classified as critical. This issue affects some unknown processing of the file manage_course.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205835. - https://nvd.nist.gov/vuln/detail/CVE-2022-2722
CVE-2022-2723 A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205836. - https://nvd.nist.gov/vuln/detail/CVE-2022-2723
CVE-2022-2724 A vulnerability was found in SourceCodester Employee Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file process/aprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205837 was assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2724
CVE-2022-2725 A vulnerability was found in SourceCodester Company Website CMS. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add-blog.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-205838 is the identifier assigned to this vulnerability. - https://nvd.nist.gov/vuln/detail/CVE-2022-2725
CVE-2022-2726 A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205839. - https://nvd.nist.gov/vuln/detail/CVE-2022-2726
CVE-2022-35724 It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. - https://nvd.nist.gov/vuln/detail/CVE-2022-35724
CVE-2022-36124 It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. - https://nvd.nist.gov/vuln/detail/CVE-2022-36124
CVE-2022-36125 It is possible to crash (panic) an application by providing corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. - https://nvd.nist.gov/vuln/detail/CVE-2022-36125
CVE-2022-2727 A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file mygym/admin/login.php. The manipulation of the argument admin_email/admin_pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205855. - https://nvd.nist.gov/vuln/detail/CVE-2022-2727
CVE-2022-2728 A vulnerability was found in SourceCodester Gym Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file mygym/admin/index.php. The manipulation of the argument edit_tran leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205856. - https://nvd.nist.gov/vuln/detail/CVE-2022-2728
CVE-2022-2729 Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1. - https://nvd.nist.gov/vuln/detail/CVE-2022-2729
CVE-2022-2730 Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. - https://nvd.nist.gov/vuln/detail/CVE-2022-2730
CVE-2022-2731 Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. - https://nvd.nist.gov/vuln/detail/CVE-2022-2731
CVE-2022-2732 Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1. - https://nvd.nist.gov/vuln/detail/CVE-2022-2732
CVE-2022-2733 Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. - https://nvd.nist.gov/vuln/detail/CVE-2022-2733
CVE-2022-2734 Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1. - https://nvd.nist.gov/vuln/detail/CVE-2022-2734
CVE-2022-30573 The ftlserver component of TIBCO Software Inc.’s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.’s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO FTL - Enterprise Edition: version 6.8.0. - https://nvd.nist.gov/vuln/detail/CVE-2022-30573
CVE-2022-30574 The ftlserver component of TIBCO Software Inc.’s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterprise Edition contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to obtain user credentials to the affected system. Affected releases are TIBCO Software Inc.’s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, TIBCO FTL - Enterprise Edition: version 6.8.0, TIBCO eFTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO eFTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO eFTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO eFTL - Enterprise Edition: version 6.8.0. - https://nvd.nist.gov/vuln/detail/CVE-2022-30574
CVE-2022-29083 Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system. - https://nvd.nist.gov/vuln/detail/CVE-2022-29083