Vulnerability Summary for the Week of August 29, 2022 (OLD)

Released
Sep 08, 2022
Document ID
SB22-251

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
owasp -- owasp_modsecurity_core_rule_setModsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.2022-09-029.8CVE-2020-22669
CONFIRM
MISC
sqlite -- sqliteIn SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.2022-09-019.8CVE-2020-35527
MISC
publiccms -- publiccmsServer-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.2022-09-029.8CVE-2021-27693
MISC
MISC
redhat -- single_sign-onA flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.2022-08-269.8CVE-2021-3632
MISC
MISC
MISC
MISC
MISC
font_converter_project -- font_converterAll versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.2022-08-299.8CVE-2022-21165
CONFIRM
CONFIRM
johnsoncontrols -- istar_ultra_firmwareAll versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable to a command injection that could allow an unauthenticated user root access to the system.2022-08-319.8CVE-2022-21941
CERT
CONFIRM
qualcomm -- aqt1000_firmwareMemory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile2022-09-029.8CVE-2022-22096
CONFIRM
apollotheme -- ap_pagebuilderA SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.2022-08-299.8CVE-2022-22897
MISC
mongoosejs -- mongooseSchema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prototype pollution.2022-08-269.8CVE-2022-24304
MISC
CONFIRM
CONFIRM
quarkus -- quarkusIt was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.2022-08-319.8CVE-2022-2466
MISC
apache -- ofbizApache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.2022-09-029.8CVE-2022-25371
CONFIRM
MLIST
MLIST
get-process-by-name_project -- get-process-by-nameAll versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function.2022-08-299.8CVE-2022-25644
CONFIRM
CONFIRM
qualcomm -- apq8017_firmwareMemory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-09-029.8CVE-2022-25657
CONFIRM
qualcomm -- apq8009_firmwareMemory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-029.8CVE-2022-25658
CONFIRM
qualcomm -- apq8009_firmwareMemory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-029.8CVE-2022-25659
CONFIRM
qualcomm -- apq8009_firmwareMemory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-029.8CVE-2022-25668
CONFIRM
morgan-json_project -- morgan-jsonAll versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor.2022-08-299.8CVE-2022-25921
CONFIRM
CONFIRM
redhat -- enterprise_linux_workstationThe version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.2022-09-019.8CVE-2022-2738
MISC
MISC
apache -- ofbizThe Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.2022-09-029.8CVE-2022-29063
CONFIRM
MLIST
simple_task_managing_system_project -- simple_task_managing_systemA vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423.2022-08-279.8CVE-2022-3013
N/A
honeywell -- controledge_plc_firmwareHoneywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service.2022-08-319.8CVE-2022-30318
MISC
MISC
dell -- smartfabric_storage_softwareSmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.2022-08-309.8CVE-2022-31232
MISC
draytek -- vigor3910_firmwareAn issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.2022-08-299.8CVE-2022-32548
MISC
MISC
totolink -- a7000r_firmwareTOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh.2022-08-299.8CVE-2022-32993
MISC
MISC
dell -- emc_powerscale_onefsDell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise.2022-09-029.8CVE-2022-34371
MISC
dell -- cloudlinkDell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.2022-09-019.8CVE-2022-34379
CONFIRM
nvidia -- nvflareNVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.2022-08-299.8CVE-2022-34668
CONFIRM
nodebb -- nodebbNodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure Pseudo-random number generator (`Math.random()`), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to. This vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset. The vulnerability has been patched in version 2.x and 1.19.x. There is no known workaround, but the patch sets listed above will fully patch the vulnerability.2022-08-319.8CVE-2022-36045
MISC
CONFIRM
MISC
doctor\'s_appointment_system_project -- doctor\'s_appointment_systemDoctor's Appointment System 1.0 is vulnerable to SQL Injection via booking.php has ?id=.2022-08-319.8CVE-2022-36201
MISC
MISC
MISC
doctor\'s_appointment_system_project -- doctor\'s_appointment_systemDoctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.2022-08-319.8CVE-2022-36202
MISC
MISC
MISC
edoc-doctor-appointment-system_project -- edoc-doctor-appointment-systemEdoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php.2022-08-269.8CVE-2022-36543
MISC
MISC
edoc-doctor-appointment-system_project -- edoc-doctor-appointment-systemEdoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php.2022-08-269.8CVE-2022-36544
MISC
MISC
edoc-doctor-appointment-system_project -- edoc-doctor-appointment-systemEdoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php.2022-08-269.8CVE-2022-36545
MISC
MISC
hytec -- hwl-2511-ss_firmwareHytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.2022-08-299.8CVE-2022-36553
MISC
MISC
MISC
hytec -- hwl-2511-ss_firmwareA command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges.2022-08-299.8CVE-2022-36554
MISC
MISC
MISC
hytec -- hwl-2511-ss_firmwareHytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack.2022-08-299.8CVE-2022-36555
MISC
MISC
MISC
seiko-sol -- skybridge_mb-a100_firmwareSeiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01.2022-08-299.8CVE-2022-36556
MISC
MISC
seiko-sol -- skybridge_mb-a100_firmwareSeiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file.2022-08-299.8CVE-2022-36557
MISC
MISC
seiko-sol -- skybridge_mb-a100_firmwareSeiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg.2022-08-299.8CVE-2022-36558
MISC
MISC
seiko-sol -- skybridge_mb-a200_firmwareSeiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi.2022-08-299.8CVE-2022-36559
MISC
MISC
seiko-sol -- skybridge_mb-a200_firmwareSeiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh.2022-08-299.8CVE-2022-36560
MISC
MISC
rengine_project -- rengineRengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.2022-08-319.8CVE-2022-36566
MISC
sinsiu -- enterprise_website_systemSinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/.2022-08-299.8CVE-2022-36572
MISC
mybatis -- mapperMapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function.2022-09-029.8CVE-2022-36594
MISC
jinglemining -- jasminer_x4_server_firmwareThe Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands.2022-09-019.8CVE-2022-36601
MISC
clinic\'s_patient_management_system_project -- clinic\'s_patient_management_systemClinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php.2022-09-029.8CVE-2022-36609
MISC
influxdata -- influxdb** DISPUTED ** influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."2022-09-029.8CVE-2022-36640
MISC
MISC
MISC
MISC
MISC
MISC
telosalliance -- omnia_mpx_node_firmwareA local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.2022-09-029.8CVE-2022-36642
MISC
MISC
MISC
MISC
ingredients_stock_management_system_project -- ingredients_stock_management_systemIngredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php.2022-08-289.8CVE-2022-36705
MISC
ingredients_stock_management_system_project -- ingredients_stock_management_systemIngredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php.2022-08-289.8CVE-2022-36706
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php.2022-08-289.8CVE-2022-36708
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/edit_book_details.php.2022-08-309.8CVE-2022-36709
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php.2022-08-309.8CVE-2022-36711
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/studentdetails.php.2022-08-309.8CVE-2022-36712
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php.2022-08-309.8CVE-2022-36713
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /staff/lab.php.2022-08-309.8CVE-2022-36714
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php.2022-08-309.8CVE-2022-36730
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php.2022-08-309.8CVE-2022-36731
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php.2022-08-309.8CVE-2022-36732
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php.2022-08-309.8CVE-2022-36733
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php.2022-08-309.8CVE-2022-36734
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php.2022-08-309.8CVE-2022-36735
MISC
sourcefabric -- rpi-jukebox-rfidRPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file.2022-08-309.8CVE-2022-36749
MISC
dlink -- dir-845l_firmwareD-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.2022-08-289.8CVE-2022-36755
MISC
MISC
dlink -- dir-845l_firmwareDIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php.2022-08-289.8CVE-2022-36756
MISC
MISC
online_food_ordering_system_project -- online_food_ordering_systemOnline Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=.2022-09-029.8CVE-2022-36759
MISC
apache -- geodeApache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. If upgrading to Java 11 is not possible, then upgrade to Apache Geode 1.15 and specify "--J=-Dgeode.enableGlobalSerialFilter=true" when starting any Locators or Servers. Follow the documentation for details on specifying any user classes that may be serialized/deserialized with the "serializable-object-filter" configuration option. Using a global serial filter will impact performance.2022-08-319.8CVE-2022-37021
CONFIRM
trendnet -- tew733gr_firmwareTRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php.2022-08-289.8CVE-2022-37053
MISC
MISC
dlink -- go-rt-ac750_firmwareD-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,2022-08-289.8CVE-2022-37055
MISC
MISC
dlink -- go-rt-ac750_firmwareD-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main,2022-08-289.8CVE-2022-37056
MISC
MISC
dlink -- go-rt-ac750_firmwareD-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main.2022-08-289.8CVE-2022-37057
MISC
MISC
dlink -- dir-816_firmwareIn D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.2022-08-319.8CVE-2022-37128
MISC
MISC
dlink -- dir-816_firmwareIn D-Link DIR-816 A2_v1.10CNB04.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability2022-08-319.8CVE-2022-37130
MISC
MISC
wavlink -- wl-wn575a3_firmwareWAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter.2022-08-309.8CVE-2022-37149
MISC
tendacn -- ac6_firmwareTenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard.2022-08-309.8CVE-2022-37176
MISC
MISC
MISC
leyan -- salary_management_systemLe-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service.2022-08-309.8CVE-2022-38116
MISC
linksys -- e1200_firmwareLinksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.2022-08-289.8CVE-2022-38555
MISC
MISC
trendnet -- tew733gr_firmwareTrendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.2022-08-289.8CVE-2022-38556
MISC
dlink -- dir-845l_firmwareD-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.2022-08-289.8CVE-2022-38557
MISC
MISC
exotel_project -- exotelThe exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.2022-08-279.8CVE-2022-38792
MISC
MISC
MISC
MISC
tcpdump -- tcpdumpThe VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.2022-08-279.1CVE-2019-15167
CONFIRM
openstack -- keystoneA flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.2022-08-269.1CVE-2021-3563
MISC
MISC
MISC
MISC
redhat -- jboss_core_services_httpdA flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.2022-08-269.1CVE-2021-3688
MISC
MISC
automationdirect -- d0-06dd1_firmwareAutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;2022-08-319.1CVE-2022-2003
CONFIRM
CONFIRM
qualcomm -- apq8009_firmwareAn out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking2022-09-029.1CVE-2022-22062
CONFIRM
dell -- powerprotect_cyber_recoveryDell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality2022-09-019.1CVE-2022-34372
CONFIRM
clusterlabs -- hawkAn issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root.2022-08-268.8CVE-2021-3020
MISC
MISC
MISC
ericsson -- network_managerIn Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log’s files, under a common path, and read information stored in the log’s files in order to conduct privilege escalation.2022-08-268.8CVE-2021-32570
MISC
MISC
samba -- sambaThe Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.2022-08-298.8CVE-2022-0336
MISC
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelA flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.2022-08-298.8CVE-2022-1043
MISC
MISC
MISC
MISC
gnu -- gzipAn arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.2022-08-318.8CVE-2022-1271
MISC
MISC
MISC
MISC
MISC
MISC
MISC
GENTOO
postgresql -- postgresqlA flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.2022-08-318.8CVE-2022-1552
MISC
MISC
MISC
MISC
redhat -- advanced_cluster_securityA flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.2022-09-018.8CVE-2022-1902
MISC
MISC
MISC
openstack -- keystoneA flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender's efforts to remove access.2022-09-018.8CVE-2022-2447
MISC
MISC
broadcom -- symantec_privileged_access_managementA malicious unauthorized PAM user can access the administration configuration data and change the values.2022-08-268.8CVE-2022-25625
MISC
sonicwall -- sma_200_firmwareA Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.2022-08-268.8CVE-2022-2915
CONFIRM
fast_food_ordering_system_project -- fast_food_ordering_systemA vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207422 is the identifier assigned to this vulnerability.2022-08-278.8CVE-2022-3012
N/A
N/A
tooljet -- tooljetThe forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).2022-08-298.8CVE-2022-3019
MISC
CONFIRM
ibm -- datapower_gatewayIBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.2022-08-268.8CVE-2022-31773
XF
CONFIRM
dell -- container_storage_modulesDell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system.2022-08-308.8CVE-2022-34374
MISC
contiki-ng -- contiki-ngContiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8.2022-09-018.8CVE-2022-36052
MISC
CONFIRM
contiki-ng -- contiki-ngContiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet's end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8.2022-09-018.8CVE-2022-36053
MISC
CONFIRM
contiki-ng -- contiki-ngContiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer's boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker.2022-09-018.8CVE-2022-36054
MISC
CONFIRM
mp3-jplayer_project -- mp3-jplayerMultiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress.2022-09-018.8CVE-2022-36373
CONFIRM
CONFIRM
kensite_cms_project -- kensite_cmsKensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml.2022-08-268.8CVE-2022-36529
MISC
MISC
rubyinstaller -- rubyinstaller2Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.2022-08-308.8CVE-2022-36562
MISC
rubyinstaller -- rubyinstaller2Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.2022-08-308.8CVE-2022-36563
MISC
strawberryperl -- strawberryperlIncorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.2022-08-308.8CVE-2022-36564
MISC
wampserver -- wampserverIncorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.2022-08-308.8CVE-2022-36565
MISC
tenda -- ac9_firmwareTenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.2022-08-318.8CVE-2022-36568
MISC
tenda -- ac9_firmwareTenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.2022-08-318.8CVE-2022-36569
MISC
garage_management_system_project -- garage_management_systemGarage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.2022-09-028.8CVE-2022-36636
MISC
MISC
ingredient_stock_management_system_project -- ingredient_stock_management_systemIngredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=.2022-08-298.8CVE-2022-36686
MISC
ingredient_stock_management_system_project -- ingredient_stock_management_systemIngredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=.2022-08-298.8CVE-2022-36688
MISC
ingredient_stock_management_system_project -- ingredient_stock_management_systemIngredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=.2022-08-298.8CVE-2022-36689
MISC
ingredient_stock_management_system_project -- ingredient_stock_management_systemIngredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=.2022-08-298.8CVE-2022-36690
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php.2022-08-288.8CVE-2022-36704
MISC
apache -- geodeApache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will automatically protect JMX over RMI against deserialization attacks. This should have no impact on performance since it only affects JMX/RMI which Gfsh uses to communicate with the JMX Manager which is hosted on a Locator.2022-08-318.8CVE-2022-37022
CONFIRM
dlink -- dir-816_firmwareD-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.2022-08-318.8CVE-2022-37123
MISC
MISC
dlink -- dir-816_firmwareD-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection.2022-08-318.8CVE-2022-37129
MISC
MISC
garage_management_system_project -- garage_management_systemThe application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file.2022-08-318.8CVE-2022-37184
MISC
hgiga -- oaklouds_portalOAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.2022-08-308.8CVE-2022-38118
MISC
patlite -- nbm-d88n_firmware** DISPUTED ** Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position is that this is a design choice, not a vulnerability.2022-08-298.8CVE-2022-38625
MISC
MISC
MISC
zohocorp -- manageengine_opmanagerZoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.2022-08-298.8CVE-2022-38772
MISC
MISC
freeciv -- freecivFreeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL.2022-08-318.8CVE-2022-39047
MISC
MISC
MISC
MLIST
libdwarf_project -- libdwarflibdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.2022-09-028.8CVE-2022-39170
MISC
MISC
bluez -- bluezBlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.2022-09-028.8CVE-2022-39176
MISC
MISC
bluez -- bluezBlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.2022-09-028.8CVE-2022-39177
MISC
MISC
dpdk -- data_plane_development_kitA permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.2022-08-318.6CVE-2022-2132
MISC
MISC
MLIST
deltaww -- delta_robot_automation_studioDelta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host.2022-08-318.6CVE-2022-2759
MISC
qualcomm -- qca6391_firmwareDue to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-09-028.4CVE-2021-35134
CONFIRM
fapolicyd_project -- fapolicydA vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.2022-08-298.4CVE-2022-1117
MISC
MISC
MISC
MISC
moxa -- nport_5110_firmwareMOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device.2022-08-318.2CVE-2022-2044
MISC
dell -- cloudlinkDell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.2022-09-018.2CVE-2022-34380
CONFIRM
dell -- edge_gateway_5200_firmwareDell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.2022-08-318.2CVE-2022-34383
CONFIRM
redhat -- satelliteA flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality.2022-08-268.1CVE-2021-3414
MISC
MISC
htmly -- htmlyhtmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.2022-08-268.1CVE-2021-40285
MISC
lexmark -- b2236_firmwareVarious Lexmark products through 2022-04-27 allow External Control of a System or Configuration Setting because of Improper Input Validation.2022-08-268.1CVE-2022-29850
MISC
MISC
ssctech -- blue_prism_enterpriseAn issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server's settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name.2022-08-268.1CVE-2022-36120
MISC
MISC
MISC
ibm -- cognos_analyticsIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.2022-09-018.1CVE-2022-36773
CONFIRM
XF
dell -- powermax_osUnisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.2022-08-318CVE-2022-31233
CONFIRM
theforeman -- foremanA flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.2022-08-267.8CVE-2021-20260
MISC
MISC
avaya -- ip_officeA privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.2022-09-027.8CVE-2021-25657
CONFIRM
MISC
rpm -- rpmIt was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.2022-08-267.8CVE-2021-35939
MISC
MISC
MISC
MISC
MISC
foxit -- phantompdfFoxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.2022-08-297.8CVE-2021-41780
MISC
foxit -- phantompdfFoxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.2022-08-297.8CVE-2021-41781
MISC
foxit -- phantompdfFoxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.2022-08-297.8CVE-2021-41782
MISC
foxit -- phantompdfFoxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.2022-08-297.8CVE-2021-41783
MISC
foxit -- phantompdfFoxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.2022-08-297.8CVE-2021-41784
MISC
foxit -- phantompdfFoxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.2022-08-297.8CVE-2021-41785
MISC
qemu -- qemuA flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.2022-08-297.8CVE-2022-0358
MISC
MISC
MISC
libmodbus -- libmodbusA heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.2022-08-297.8CVE-2022-0367
MISC
MISC
MISC
MLIST
deltaww -- cncsoftCNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition.2022-08-317.8CVE-2022-1405
MISC
fujielectric -- alpha7_pc_loader_firmwareAlpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code.2022-08-317.8CVE-2022-1888
MISC
linux -- linux_kernelA flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation.2022-08-317.8CVE-2022-1976
MISC
automationdirect -- c-more_ea9-t6cl_firmwareAutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;2022-08-317.8CVE-2022-2006
CONFIRM
qualcomm -- apq8017_firmwareMemory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-09-027.8CVE-2022-22059
CONFIRM
qualcomm -- ar8035_firmwareOut of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile2022-09-027.8CVE-2022-22061
CONFIRM
qualcomm -- ar8035_firmwarePotential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile2022-09-027.8CVE-2022-22067
CONFIRM
qualcomm -- aqt1000_firmwareDevices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-09-027.8CVE-2022-22069
CONFIRM
qualcomm -- aqt1000_firmwareMemory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-027.8CVE-2022-22070
CONFIRM
qualcomm -- apq8053_firmwareImproper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music2022-09-027.8CVE-2022-22080
CONFIRM
qualcomm -- qca6574au_firmwareMemory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto2022-09-027.8CVE-2022-22102
CONFIRM
linux -- linux_kernelA flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.2022-09-017.8CVE-2022-2308
MISC
x.org -- xorg-serverA flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.2022-09-017.8CVE-2022-2319
MISC
MISC
MISC
MISC
x.org -- xorg-serverA flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.2022-09-017.8CVE-2022-2320
MISC
MISC
MISC
MISC
MISC
glyphandcog -- xpdfreaderIn Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.2022-08-307.8CVE-2022-24106
CONFIRM
CONFIRM
CONFIRM
CONFIRM
glyphandcog -- xpdfreaderXpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.2022-08-307.8CVE-2022-24107
CONFIRM
CONFIRM
CONFIRM
CONFIRM
qualcomm -- msm8996au_firmwareMemory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto2022-09-027.8CVE-2022-25680
CONFIRM
linux -- linux_kernelAn integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.2022-09-017.8CVE-2022-2639
MISC
MISC
fatek -- fvdesignerFATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution.2022-08-317.8CVE-2022-2866
CONFIRM
measuresoft -- scadapro_serverMeasuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.2022-08-317.8CVE-2022-2892
MISC
measuresoft -- scadapro_serverMeasuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file.2022-08-317.8CVE-2022-2894
MISC
measuresoft -- scadapro_serverMeasuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file.2022-08-317.8CVE-2022-2895
MISC
measuresoft -- scadapro_serverMeasuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.2022-08-317.8CVE-2022-2896
MISC
measuresoft -- scadapro_serverMeasuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation..2022-08-317.8CVE-2022-2897
MISC
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.0286.2022-08-287.8CVE-2022-3016
CONFIRM
MISC
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.0322.2022-08-307.8CVE-2022-3037
CONFIRM
MISC
FEDORA
FEDORA
rubrik -- cdmA buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent.2022-08-267.8CVE-2022-30984
MISC
MISC
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.0360.2022-09-037.8CVE-2022-3099
CONFIRM
MISC
dell -- command_\|_integration_suite_for_system_centerDell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system.2022-08-317.8CVE-2022-34373
CONFIRM
dell -- command_updateDell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.2022-09-027.8CVE-2022-34382
MISC
fluxcd -- flux2Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the improper handling of user-supplied input, which results in a path traversal that can be controlled by the attacker. Users sharing the same shell between other applications and the Flux CLI commands could be affected by this vulnerability. In some scenarios no errors may be presented, which may cause end users not to realize that something is amiss. A safe workaround is to execute Flux CLI in ephemeral and isolated shell environments, which can ensure no persistent values exist from previous processes. However, upgrading to the latest version of the CLI is still the recommended mitigation strategy.2022-08-317.8CVE-2022-36035
CONFIRM
MISC
mdx-mermaid_project -- mdx-mermaidmdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds.2022-08-297.8CVE-2022-36036
CONFIRM
MISC
totolink -- a720r_firmwareTOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.2022-08-297.8CVE-2022-36610
MISC
totolink -- a800r_firmwareTOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample.2022-08-297.8CVE-2022-36611
MISC
totolink -- a950rg_firmwareTOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample.2022-08-297.8CVE-2022-36612
MISC
totolink -- n600r_firmwareTOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample.2022-08-297.8CVE-2022-36613
MISC
totolink -- a860r_firmwareTOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample.2022-08-297.8CVE-2022-36614
MISC
totolink -- a3000ru_firmwareTOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample.2022-08-297.8CVE-2022-36615
MISC
totolink -- a810r_firmwareTOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample.2022-08-297.8CVE-2022-36616
MISC
msys2 -- msys2Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.2022-08-307.8CVE-2022-37172
MISC
vim -- gvimAn issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.2022-08-307.8CVE-2022-37173
MISC
tenda -- tx9_pro_firmwareTenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList.2022-08-297.8CVE-2022-38510
MISC
totolink -- a810r_firmwareTOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi.2022-08-297.8CVE-2022-38511
MISC
freedesktop -- popplerPoppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.2022-08-307.8CVE-2022-38784
CONFIRM
MISC
MISC
CONFIRM
MISC
MLIST
DEBIAN
libvncserver_project -- libvncserverlibvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().2022-09-027.5CVE-2020-29260
MISC
sqlite -- sqliteIn SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.2022-09-017.5CVE-2020-35525
MISC
gnu -- gccIn gcc, a crafted input source file could cause g++ to crash during compilation when provided certain optimization flags. The problem resides in the ipcp_store_vr_results function in gcc/ipa-cp.c.2022-08-317.5CVE-2020-35537
MISC
redhat -- openshift_serverlessIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0.2022-08-267.5CVE-2021-3703
MISC
MISC
gnu -- gccHeap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.2022-09-017.5CVE-2021-3826
MISC
MISC
FEDORA
redhat -- jboss_enterprise_application_platformA flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.2022-08-267.5CVE-2021-3859
MISC
MISC
MISC
MISC
MISC
softlinkint -- oliver_v5_libraryAn arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.2022-09-017.5CVE-2021-45027
MISC
MISC
redhat -- single_sign-onA flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.2022-08-267.5CVE-2022-0084
MISC
MISC
MISC
MISC
prosody -- prosodyIt was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).2022-08-267.5CVE-2022-0217
MISC
MISC
MISC
linux -- linux_kernelAn out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.2022-08-297.5CVE-2022-0400
MISC
MISC
MISC
thekelleys -- dnsmasqA single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.2022-08-297.5CVE-2022-0934
MISC
MISC
MISC
MISC
linux -- linux_kernelA flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.2022-08-297.5CVE-2022-1199
MISC
MISC
MISC
MISC
MISC
MISC
redhat -- jboss_enterprise_application_platformA flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.2022-08-317.5CVE-2022-1259
MISC
MISC
redhat -- single_sign-onA flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.2022-08-317.5CVE-2022-1319
MISC
MISC
MISC
MISC
MISC
automationdirect -- d0-06dd1_firmwareAutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;2022-08-317.5CVE-2022-2004
CONFIRM
automationdirect -- c-more_ea9-t6cl_firmwareAutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;2022-08-317.5CVE-2022-2005
CONFIRM
moxa -- nport_5110_firmwareMOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive.2022-08-317.5CVE-2022-2043
MISC
automationdirect -- sio-mb04rtds_firmwareAny attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.2022-08-317.5CVE-2022-2485
CONFIRM
CONFIRM
apache -- ofbizIn Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.2022-09-027.5CVE-2022-25813
CONFIRM
MLIST
snakeyaml_project -- snakeyamlThe package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.2022-08-307.5CVE-2022-25857
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apostrophecms -- sanitize-htmlThe package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.2022-08-307.5CVE-2022-25887
CONFIRM
CONFIRM
CONFIRM
CONFIRM
microfocus -- arcsight_loggerPotential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions.2022-08-317.5CVE-2022-26330
MISC
MISC
redhat -- enterprise_linux_workstationThe version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.2022-09-017.5CVE-2022-2739
MISC
MISC
hcltech -- hcl_inotesHCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.2022-08-297.5CVE-2022-27558
CONFIRM
hcltech -- versionvault_expressAn unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.2022-08-307.5CVE-2022-27563
MISC
ibm -- cognos_analyticsIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.2022-09-017.5CVE-2022-30614
CONFIRM
XF
diagrams -- drawioImproper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.2022-09-027.5CVE-2022-3065
CONFIRM
MISC
databasir -- databasirDatabasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7.2022-09-027.5CVE-2022-31196
MISC
CONFIRM
MISC
samba -- sambaSamba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.2022-09-017.5CVE-2022-32743
MISC
MISC
dell -- emc_powerscale_onefsDell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data.2022-09-027.5CVE-2022-34369
MISC
dlink -- dsl-3782_firmwareD-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp.2022-08-267.5CVE-2022-35192
MISC
MISC
MISC
MISC
nitrado.js_project -- nitrado.jsnitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds.2022-08-297.5CVE-2022-36034
MISC
CONFIRM
nodebb -- nodebbNodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2.2022-09-027.5CVE-2022-36076
MISC
CONFIRM
MISC
fiberhome -- hg150-ub_firmwareIn FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed.2022-08-297.5CVE-2022-36200
MISC
MISC
cskefu -- cskefuInsecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts.2022-08-267.5CVE-2022-36521
MISC
zkoss -- zk_frameworkZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.2022-08-267.5CVE-2022-36537
MISC
tendacn -- ac6_firmwareTenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.2022-08-307.5CVE-2022-36552
MISC
MISC
MISC
online_ordering_system_project -- online_ordering_systemOnline Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php.2022-08-317.5CVE-2022-36581
MISC
dlink -- dir-816_firmwareIn D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.2022-08-317.5CVE-2022-36619
MISC
MISC
samsung -- mtowerSamsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.2022-09-017.5CVE-2022-36621
MISC
MISC
MISC
samsung -- mtowerSamsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.2022-09-017.5CVE-2022-36622
MISC
MISC
MISC
MISC
carel -- pcoweb_card_firmwareCarel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.2022-08-317.5CVE-2022-37122
MISC
MISC
MISC
hirevue -- hiring_platform** DISPUTED ** HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists.2022-08-297.5CVE-2022-37177
MISC
MISC
zlmediakit_project -- zlmediakitAn attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327.2022-08-307.5CVE-2022-37237
MISC
hitachi -- hc-ip9100hd_firmwareAn access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi.2022-08-297.5CVE-2022-37680
MISC
MISC
hitachi -- hc-ip9100hd_firmwareHitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi.2022-08-297.5CVE-2022-37681
MISC
MISC
wolfssl -- wolfsslAn issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.2022-08-317.5CVE-2022-38152
MISC
CONFIRM
MISC
MISC
tenda -- m3_firmwareTenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter.2022-08-287.5CVE-2022-38562
MISC
tenda -- m3_firmwareTenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter.2022-08-287.5CVE-2022-38563
MISC
tenda -- m3_firmwareTenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter.2022-08-287.5CVE-2022-38564
MISC
tenda -- m3_firmwareTenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter.2022-08-287.5CVE-2022-38565
MISC
tenda -- m3_firmwareTenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter.2022-08-287.5CVE-2022-38566
MISC
tenda -- m3_firmwareTenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter.2022-08-287.5CVE-2022-38567
MISC
tenda -- m3_firmwareTenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter.2022-08-287.5CVE-2022-38568
MISC
tenda -- m3_firmwareTenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd.2022-08-287.5CVE-2022-38569
MISC
tenda -- m3_firmwareTenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter.2022-08-287.5CVE-2022-38570
MISC
tenda -- m3_firmwareTenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem.2022-08-287.5CVE-2022-38571
MISC
zaver_project -- zaverZaver through 2020-12-15 allows directory traversal via the GET /.. substring.2022-08-277.5CVE-2022-38794
MISC
gnu -- inetutilstelnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.2022-08-307.5CVE-2022-39028
MISC
MISC
MISC
redhat -- enterprise_linuxA flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.2022-08-297.4CVE-2022-0485
MISC
MISC
MISC
MISC
MISC
hcltech -- hcl_inotesHCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.2022-08-297.4CVE-2022-27547
CONFIRM
python-scciclient_project -- python-scciclientA flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.2022-09-017.4CVE-2022-2996
MISC
oauth2-server_project -- oauth2-serverIn oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.2022-08-297.2CVE-2020-26938
MISC
MISC
MISC
MISC
MISC
mapsmarker -- leaflet_maps_markerThe Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.2022-08-297.2CVE-2022-1123
MISC
xplodedthemes -- wpideThe WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue.2022-08-297.2CVE-2022-2261
MISC
wpmanageninja -- fluent_supportThe Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users2022-08-297.2CVE-2022-2559
MISC
siteservercms_project -- siteservercmsSiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.2022-08-267.2CVE-2022-36226
MISC
MISC
tenda -- ac9_firmwareTenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg.2022-08-317.2CVE-2022-36570
MISC
tenda -- ac9_firmwareTenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting.2022-08-317.2CVE-2022-36571
MISC
online_ordering_system_project -- online_ordering_systemAn arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file.2022-08-317.2CVE-2022-36580
MISC
garage_management_system_project -- garage_management_systemAn arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.2022-08-317.2CVE-2022-36582
MISC
simple_task_scheduling_system_project -- simple_task_scheduling_systemSimple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.2022-09-017.2CVE-2022-36674
MISC
simple_task_scheduling_system_project -- simple_task_scheduling_systemSimple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.2022-09-017.2CVE-2022-36675
MISC
simple_task_scheduling_system_project -- simple_task_scheduling_systemSimple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.2022-09-017.2CVE-2022-36676
MISC
expense_management_system_project -- expense_management_systemExpense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p.2022-09-027.2CVE-2022-36754
MISC
discourse -- discourseDiscourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.2022-09-027.2CVE-2022-37458
MISC
MISC
MISC
imagemagick -- imagemagickA heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.2022-08-297.1CVE-2022-0284
MISC
MISC
MISC
MISC
openscad -- openscadA vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.2022-08-297.1CVE-2022-0497
MISC
MISC
MISC
linux -- linux_kernelA vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.2022-08-297.1CVE-2022-0850
MISC
MISC
MISC
MISC
deltaww -- cncsoftDelta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.2022-08-317.1CVE-2022-1404
MISC
linux -- linux_kernelA flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.2022-08-267CVE-2021-3864
MISC
MISC
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelAn issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.2022-08-317CVE-2022-1247
MISC
MISC
linux -- linux_kernelA race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.2022-09-017CVE-2022-1729
MISC
MISC
linux -- linux_kernelA race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system.2022-08-317CVE-2022-2590
MISC
MISC
linux -- linux_kernelA use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.2022-08-297CVE-2022-2961
MISC
linux -- linux_kernelA race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.2022-08-317CVE-2022-3028
MISC
MISC
FEDORA
FEDORA
FEDORA

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
qualcomm -- ar8035_firmwareUse after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-09-026.7CVE-2021-35133
CONFIRM
kidan -- cryptopro_securedisk_for_bitlockerA flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.2022-08-266.7CVE-2022-34301
MISC
MISC
horizondatasys -- uefi_bootloaderA flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.2022-08-266.7CVE-2022-34302
MISC
MISC
eurosoft-uk -- uefi_bootloaderA flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.2022-08-266.7CVE-2022-34303
MISC
MISC
ibm -- cognos_analyticsIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609.2022-09-016.5CVE-2020-4301
CONFIRM
XF
ibm -- cognos_analyticsIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825.2022-09-016.5CVE-2021-20468
CONFIRM
XF
ibm -- cognos_analyticsIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.2022-09-016.5CVE-2021-29823
CONFIRM
XF
mm-wiki_project -- mm-wikimm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information.2022-08-266.5CVE-2021-39394
MISC
asterisk -- certified_asteriskres_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.2022-08-306.5CVE-2021-46837
MISC
dpdk -- data_plane_development_kitA flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.2022-08-296.5CVE-2022-0669
MISC
MISC
MISC
MISC
MISC
redhat -- openshift_container_platformAn Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.2022-09-016.5CVE-2022-1632
MISC
MISC
stop_spam_comments_project -- stop_spam_commentsThe Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request.2022-08-296.5CVE-2022-1663
MISC
redhat -- openshift_container_platformOpenShift doesn't properly verify subdomain ownership, which allows route takeover. Once a custom route is created, the user must update the DNS provider by creating a canonical name (CNAME) record (if he likes to expose this route externally). The CNAME record should point the custom domain to the OpenShift router as the alias. In a case that the CNAME is not removed when the route is not in use anymore we are dealing with a dangling route. A malicious actor may take over the route.2022-08-316.5CVE-2022-2220
MISC
redhat -- advanced_cluster_management_for_kubernetesA vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.2022-09-016.5CVE-2022-2238
MISC
MISC
mcafee -- data_loss_prevention_endpointImproper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 and 11.6.600 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.2022-08-306.5CVE-2022-2330
CONFIRM
redhat -- openshiftA credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.2022-09-016.5CVE-2022-2403
MISC
MISC
libtiff -- libtiffThere is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc12022-08-316.5CVE-2022-2519
MISC
MISC
libtiff -- libtiffA flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.2022-08-316.5CVE-2022-2520
MISC
MISC
libtiff -- libtiffIt was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.2022-08-316.5CVE-2022-2521
MISC
MISC
realtek -- bluetooth_mesh_software_development_kitRealtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service.2022-08-306.5CVE-2022-25635
MISC
atlasgondal -- export_all_urlsThe Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server2022-08-296.5CVE-2022-2638
MISC
realtek -- bluetooth_mesh_software_development_kitRealtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.2022-08-306.5CVE-2022-26527
MISC
realtek -- bluetooth_mesh_software_development_kitRealtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.2022-08-306.5CVE-2022-26528
MISC
realtek -- bluetooth_mesh_software_development_kitRealtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.2022-08-306.5CVE-2022-26529
MISC
hcltech -- versionvault_expressHCL VersionVault Express exposes administrator credentials.2022-08-306.5CVE-2022-27560
MISC
nvidia -- data_plane_development_kitNVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.2022-09-016.5CVE-2022-28199
MISC
MLIST
CISCO
froxlor -- froxlorCross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.2022-08-286.5CVE-2022-3017
CONFIRM
MISC
dell -- emc_networkerDell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.2022-08-306.5CVE-2022-34368
MISC
dell -- container_storage_modulesDell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.2022-08-306.5CVE-2022-34375
MISC
helm -- helmHelm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings in to Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `--set`, `--set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.2022-09-016.5CVE-2022-36055
MISC
CONFIRM
mikrotik -- routerosMikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.2022-08-266.5CVE-2022-36522
MISC
MISC
edoc-doctor-appointment-system_project -- edoc-doctor-appointment-systemAn access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data.2022-08-266.5CVE-2022-36542
MISC
MISC
keking -- kkfileviewkkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java.2022-09-026.5CVE-2022-36593
MISC
ingredient_stock_management_system_project -- ingredient_stock_management_systemIngredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.2022-08-296.5CVE-2022-36687
MISC
apache -- geodeApache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling "validate-serializable-objects=true" and specifying any user classes that may be serialized/deserialized with "serializable-object-filter". Enabling "validate-serializable-objects" may impact performance.2022-08-316.5CVE-2022-37023
CONFIRM
aerocms_project -- aerocmsAeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.2022-08-316.5CVE-2022-38812
MISC
MISC
oracle -- linuxA flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)2022-08-296.2CVE-2022-21385
MISC
ibm -- security_identity_managerIBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 2060892022-08-306.1CVE-2021-29864
CONFIRM
XF
deluge-torrent -- delugeThe Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.2022-08-266.1CVE-2021-3427
MISC
MISC
mm-wiki_project -- mm-wikimm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor.2022-08-266.1CVE-2021-39393
MISC
libtiff -- libtiffA stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.2022-08-316.1CVE-2022-1355
MISC
MISC
MISC
MISC
linux -- linux_kernelAn out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds.2022-08-316.1CVE-2022-1508
MISC
MISC
MISC
MISC
wpovernight -- woocommerce_pdf_invoices\&_packing_slipsThe WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.2022-08-296.1CVE-2022-2537
MISC
nsp-code -- wp_hide_\&_security_enhancerThe WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting2022-08-296.1CVE-2022-2538
MISC
x-data-spreadsheet_project -- x-data-spreadsheetAll versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells.2022-08-306.1CVE-2022-25646
CONFIRM
CONFIRM
CONFIRM
anti-malware_security_and_brute-force_firewall_project -- anti-malware_security_and_brute-force_firewallThe Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting2022-08-296.1CVE-2022-2599
MISC
microfocus -- arcsight_loggerPotential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions.2022-08-316.1CVE-2022-26331
MISC
MISC
hcltech -- hcl_inotesHCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.2022-08-296.1CVE-2022-27546
CONFIRM
simple_task_managing_system_project -- simple_task_managing_systemA vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424.2022-08-276.1CVE-2022-3014
N/A
N/A
fast_food_ordering_system_project -- fast_food_ordering_systemA vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability.2022-08-276.1CVE-2022-3015
N/A
prestashop -- productcommentsThis package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.2022-09-026.1CVE-2022-35933
CONFIRM
MISC
jsoup -- jsoupjsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)2022-08-296.1CVE-2022-36033
CONFIRM
MISC
MISC
doctor\'s_appointment_system_project -- doctor\'s_appointment_systemDoctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS.2022-08-316.1CVE-2022-36203
MISC
MISC
MISC
pagekit -- pagekitA cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit.2022-08-296.1CVE-2022-36573
MISC
dedecms -- dedecmsDedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.2022-09-016.1CVE-2022-36583
MISC
librenms -- librenmsLibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php.2022-08-306.1CVE-2022-36745
MISC
librenms -- librenmsLibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php.2022-08-306.1CVE-2022-36746
MISC
cobub -- razorRazor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel().2022-08-306.1CVE-2022-36747
MISC
picuploader_project -- picuploaderPicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php.2022-08-306.1CVE-2022-36748
MISC
callrail -- callrail_phone_call_trackingCross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress.2022-09-016.1CVE-2022-36796
CONFIRM
CONFIRM
piwigo -- piwigoPiwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.2022-08-316.1CVE-2022-37183
MISC
ls-electric -- xg5000All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming software are affected where passwords are not adequately encrypted during the communication process between the XG5000 software and the affected PLC. This would allow an attacker to identify and decrypt the affected PLC’s password by sniffing the traffic.2022-08-315.9CVE-2022-2758
MISC
wolfssl -- wolfsslAn issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.2022-08-315.9CVE-2022-38153
MISC
CONFIRM
MISC
MISC
zulip -- zulipZulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190.2022-08-295.7CVE-2022-35962
CONFIRM
MISC
MISC
libraw -- librawIn LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.2022-09-015.5CVE-2020-35530
MISC
MISC
libraw -- librawIn LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.2022-09-015.5CVE-2020-35531
MISC
MISC
libraw -- librawIn LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.2022-09-015.5CVE-2020-35532
MISC
MISC
libraw -- librawIn LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file.2022-09-015.5CVE-2020-35533
MISC
MISC
libraw -- librawIn LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.2022-09-015.5CVE-2020-35534
MISC
MISC
libraw -- librawIn LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.2022-09-015.5CVE-2020-35535
MISC
MISC
gnu -- gccIn gcc, an internal compiler error in match_reload function at lra-constraints.c may cause a crash through a crafted input file.2022-08-315.5CVE-2020-35536
MISC
libjpeg-turbo -- libjpeg-turboA crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.2022-08-315.5CVE-2020-35538
MISC
MISC
openstack -- tripleo_heat_templatesA flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.2022-08-265.5CVE-2021-3585
MISC
MISC
MISC
MISC
MISC
ibm -- cognos_analyticsIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.2022-09-015.5CVE-2021-39009
CONFIRM
XF
ibm -- cognos_analyticsIBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.2022-09-015.5CVE-2021-39045
CONFIRM
XF
foxit -- phantompdfFoxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.2022-08-295.5CVE-2021-40326
MISC
artifex -- mupdfA Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.2022-08-265.5CVE-2021-4216
MISC
MISC
linux -- linux_kernelA flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).2022-08-265.5CVE-2022-0171
MISC
MISC
MISC
virglrenderer_project -- virglrendererA flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.2022-08-265.5CVE-2022-0175
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelA flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.2022-08-295.5CVE-2022-0480
MISC
MISC
MISC
MISC
MISC
MISC
openscad -- openscadA vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().2022-08-295.5CVE-2022-0496
MISC
MISC
MISC
MISC
convert2rhel_project -- convert2rhelThere is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager.2022-08-295.5CVE-2022-0851
MISC
MISC
convert2rhel_project -- convert2rhelThere is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel.2022-08-295.5CVE-2022-0852
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelA flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.2022-08-295.5CVE-2022-1016
MISC
MISC
MISC
MISC
imagemagick -- imagemagickA heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.2022-08-295.5CVE-2022-1115
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelA use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.2022-08-295.5CVE-2022-1184
MISC
MISC
MISC
linux -- linux_kernelA use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.2022-08-295.5CVE-2022-1198
MISC
MISC
MISC
MISC
linux -- linux_kernelA use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.2022-08-295.5CVE-2022-1204
MISC
MISC
MISC
MISC
linux -- linux_kernelA NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.2022-08-315.5CVE-2022-1263
MISC
MISC
MISC
MISC
cimg -- cimgA flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer.2022-08-315.5CVE-2022-1325
MISC
MISC
MISC
MISC
MISC
MISC
libtiff -- libtiffA heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.2022-08-315.5CVE-2022-1354
MISC
MISC
MISC
MISC
samba -- sambaIn Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.2022-09-015.5CVE-2022-1615
MISC
MISC
linux -- linux_kernelThere is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.2022-08-315.5CVE-2022-1975
MISC
linux -- linux_kernelA flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.2022-08-315.5CVE-2022-2153
MISC
MISC
MISC
MISC
MISC
foxit -- pdf_editorFoxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack.2022-08-295.5CVE-2022-25641
MISC
sos_project -- sosIt was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev2022-09-015.5CVE-2022-2806
MISC
hp -- oneviewA local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.2022-08-315.5CVE-2022-28625
MISC
measuresoft -- scadapro_serverMeasuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.2022-08-315.5CVE-2022-2898
MISC
libtiff -- libtiffLibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.2022-08-295.5CVE-2022-2953
MISC
MISC
CONFIRM
linux -- linux_kernelFound Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.2022-09-015.5CVE-2022-3061
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.2022-09-015.5CVE-2022-3078
MISC
dell -- emc_powerscale_onefsDell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.2022-09-025.5CVE-2022-34378
MISC
advancemame -- advancecompAdvancecomp v2.3 contains a segmentation fault.2022-08-295.5CVE-2022-35014
MISC
MISC
advancemame -- advancecompAdvancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.2022-08-295.5CVE-2022-35015
MISC
MISC
advancemame -- advancecompAdvancecomp v2.3 was discovered to contain a heap buffer overflow.2022-08-295.5CVE-2022-35016
MISC
MISC
advancemame -- advancecompAdvancecomp v2.3 was discovered to contain a heap buffer overflow.2022-08-295.5CVE-2022-35017
MISC
MISC
advancemame -- advancecompAdvancecomp v2.3 was discovered to contain a segmentation fault.2022-08-295.5CVE-2022-35018
MISC
MISC
advancemame -- advancecompAdvancecomp v2.3 was discovered to contain a segmentation fault.2022-08-295.5CVE-2022-35019
MISC
MISC
advancemame -- advancecompAdvancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.2022-08-295.5CVE-2022-35020
MISC
MISC
xpdfreader -- xpdfXPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.2022-08-305.5CVE-2022-36561
MISC
davs2_project -- davs2PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269.2022-09-025.5CVE-2022-36647
MISC
gnu -- binutilsAssertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service.2022-09-015.5CVE-2022-38126
MISC
gnu -- binutilsA NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data.2022-09-015.5CVE-2022-38127
MISC
gnu -- binutilsAn infinite loop may be triggered in display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker.2022-09-015.5CVE-2022-38128
MISC
gnu -- binutilsIn GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.2022-08-265.5CVE-2022-38533
MISC
MISC
mariadb -- mariadbIn MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.2022-08-275.5CVE-2022-38791
MISC
ibm -- rational_quality_managerIBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671.2022-08-295.4CVE-2021-38934
CONFIRM
XF
redhat -- keycloakA flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.2022-08-265.4CVE-2022-0225
MISC
MISC
redhat -- single_sign-onA Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.2022-09-015.4CVE-2022-2256
MISC
MISC
apache -- ofbizApache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.2022-09-025.4CVE-2022-25370
CONFIRM
MLIST
MLIST
rosariosis -- rosariosisCross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.2022-09-015.4CVE-2022-3072
CONFIRM
MISC
vmware -- pinnipedAn Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.2022-08-295.4CVE-2022-31677
MISC
dell -- emc_data_protection_advisorDell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.2022-08-305.4CVE-2022-33935
MISC
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116.2022-08-265.4CVE-2022-35714
CONFIRM
XF
getkirby -- kirbykirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. If bad actors gain access to your group of authenticated Panel users they can escalate their privileges via the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. The multiselect field allows selection of tags from an autocompleted list. Unfortunately, the Panel in Kirby 3.5 used HTML rendering for the raw option value. This allowed **attackers with influence on the options source** to store HTML code. The browser of the victim who visited a page with manipulated multiselect options in the Panel will then have rendered this malicious HTML code when the victim opened the autocomplete dropdown. Users are *not* affected by this vulnerability if you don't use the multiselect field or don't use it with options that can be manipulated by attackers. The problem has been patched in Kirby 3.5.8.1.2022-08-295.4CVE-2022-36037
MISC
CONFIRM
MISC
centreon -- centreonCentreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter.2022-08-295.4CVE-2022-36194
MISC
MISC
easy_org_chart_project -- easy_org_chartAuthenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress.2022-09-015.4CVE-2022-36355
CONFIRM
CONFIRM
garage_management_system_project -- garage_management_systemGarage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php.2022-09-025.4CVE-2022-36637
MISC
MISC
garage_management_system_project -- garage_management_systemA stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.2022-09-025.4CVE-2022-36639
MISC
MISC
weave.works -- gitopsWeave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource.2022-09-015.4CVE-2022-38790
MISC
MISC
MISC
MISC
redhat -- keycloakA flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.2022-08-265.3CVE-2021-3754
MISC
MISC
zephyrproject -- zephyrIn subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.2022-08-315.3CVE-2022-1841
MISC
automattic -- sensei_lmsThe Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers2022-08-295.3CVE-2022-2034
MISC
MISC
nsqua -- simply_schedule_appointmentsThe Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address2022-08-295.3CVE-2022-2373
MISC
linux -- linux_kernelAn issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.2022-09-015.3CVE-2022-2663
MISC
MISC
joomla -- joomla\!An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.2022-08-315.3CVE-2022-27911
MISC
vercel -- next.jsNext.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests.2022-08-315.3CVE-2022-36046
CONFIRM
MISC
ssctech -- blue_prism_enterpriseAn issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file.2022-08-265.3CVE-2022-36121
MISC
MISC
MISC
garage_management_system_project -- garage_management_systemAn access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders.2022-09-025.3CVE-2022-36638
MISC
MISC
gnu -- glibcAn issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.2022-08-315.3CVE-2022-39046
MISC
openstack -- oslo.utilsA flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.2022-08-294.9CVE-2022-0718
MISC
MISC
MISC
MISC
MISC
openstack -- barbicanAn authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.2022-09-014.9CVE-2022-23452
MISC
MISC
MISC
MISC
MISC
redhat -- jboss_enterprise_application_platformA flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.2022-09-014.9CVE-2022-2764
MISC
mediawiki -- mediawikiAn issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed.2022-09-024.9CVE-2022-39194
MISC
nsqua -- simply_schedule_appointmentsThe Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2022-08-294.8CVE-2022-2374
MISC
snipeitapp -- snipe-itCross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.2022-08-294.8CVE-2022-3035
MISC
CONFIRM
blogengine -- blogengine.netBlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.2022-09-024.8CVE-2022-36600
MISC
library_management_system_project -- library_management_systemLibrary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php.2022-08-304.8CVE-2022-36657
MISC
intelliants -- subrion_cmsCross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field2022-08-294.8CVE-2022-37059
MISC
miniblog.core_project -- miniblog.coreMiniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field.2022-09-024.8CVE-2022-37679
MISC
ovirt -- vdsmA race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.2022-08-264.7CVE-2022-0207
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelA NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.2022-08-314.7CVE-2022-1205
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelAn issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.2022-09-024.7CVE-2022-39188
MISC
MISC
MISC
MISC
MISC
qemu -- qemuA deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.2022-08-264.4CVE-2021-3735
MISC
MISC
MISC
linux -- linux_kernelA denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.2022-08-264.4CVE-2022-0168
MISC
MISC
MISC
qemu -- qemuA use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.2022-08-264.4CVE-2022-0216
MISC
MISC
MISC
MISC
MISC
redhat -- keycloakClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.2022-08-264.3CVE-2021-3856
MISC
MISC
MISC
MISC
MISC
linux -- linux_kernelAn information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.2022-08-294.3CVE-2022-0812
MISC
MISC
MISC
MISC
MISC
automattic -- sensei_lmsThe Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student2022-08-294.3CVE-2022-2080
MISC
MISC
mailchimp -- mailchimp_for_woocommerceThe Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example2022-08-294.3CVE-2022-2267
MISC
debian -- debian_linuxSchroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.2022-08-274.3CVE-2022-2787
MISC
MISC
MISC
zulip -- zulipZulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer’s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected.2022-08-314.3CVE-2022-36048
CONFIRM
linux -- linux_kernelA use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.2022-08-314.1CVE-2022-1974
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
imagemagick -- imagemagickA vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.2022-08-263.3CVE-2021-3574
MISC
MISC
MISC
redhat -- descision_managerA flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.2022-08-263.3CVE-2021-3644
MISC
MISC
MISC
MISC
MISC
MISC
mailchimp -- mailchimp_for_woocommerceThe Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example2022-08-292.7CVE-2022-2556
MISC
wuzhicms -- wuzhicmsA directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:2022-08-262.7CVE-2022-36168
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
N/A -- N/A
 
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().2022-09-01not yet calculatedCVE-2020-27784
MISC
N/A -- N/A
 
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-02not yet calculatedCVE-2021-35097
CONFIRM
N/A -- N/A
 
Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile2022-09-02not yet calculatedCVE-2021-35108
CONFIRM
N/A -- N/A
 
Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile2022-09-02not yet calculatedCVE-2021-35109
CONFIRM
N/A -- N/A
 
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-09-02not yet calculatedCVE-2021-35113
CONFIRM
N/A -- N/A
 
Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-09-02not yet calculatedCVE-2021-35122
CONFIRM
N/A -- N/A
 
Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-09-02not yet calculatedCVE-2021-35132
CONFIRM
N/A -- N/A
 
A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-02not yet calculatedCVE-2021-35135
CONFIRM
N/A -- N/A
 
wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.2022-09-02not yet calculatedCVE-2021-44718
MISC
MISC
N/A -- N/A
 
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.2022-09-01not yet calculatedCVE-2022-1677
MISC
MISC
N/A -- N/A
 
Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT2022-09-02not yet calculatedCVE-2022-22097
CONFIRM
N/A -- N/A
 
Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto2022-09-02not yet calculatedCVE-2022-22098
CONFIRM
N/A -- N/A
 
Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto2022-09-02not yet calculatedCVE-2022-22099
CONFIRM
N/A -- N/A
 
Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto2022-09-02not yet calculatedCVE-2022-22100
CONFIRM
N/A -- N/A
 
Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto2022-09-02not yet calculatedCVE-2022-22101
CONFIRM
N/A -- N/A
 
Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto2022-09-02not yet calculatedCVE-2022-22104
CONFIRM
N/A -- N/A
 
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto2022-09-02not yet calculatedCVE-2022-22106
CONFIRM
N/A -- N/A
 
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-125992022-09-02not yet calculatedCVE-2022-29158
CONFIRM
MLIST
N/A -- N/A
 
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocols' functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service.2022-08-31not yet calculatedCVE-2022-30317
MISC
MISC
N/A -- N/A
 
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround.2022-09-02not yet calculatedCVE-2022-31152
MISC
MISC
MISC
CONFIRM
N/A -- N/A
 
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer).2022-09-02not yet calculatedCVE-2022-31176
CONFIRM
MISC
N/A -- N/A
 
ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain points during the login. **Actions**, for example, allow creating authorizations (user grants) on newly created users programmatically. Due to a missing authorization check, **Actions** were able to grant authorizations for projects that belong to other organizations inside the same Instance. Granting authorizations via API and Console is not affected by this vulnerability. There is currently no known workaround, users should update.2022-08-31not yet calculatedCVE-2022-36051
MISC
MISC
CONFIRM
N/A -- N/A
 
SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user's password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it.2022-09-02not yet calculatedCVE-2022-36071
MISC
CONFIRM
N/A -- N/A
 
Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice.2022-09-02not yet calculatedCVE-2022-36078
CONFIRM
MISC
MISC
N/A -- N/A
 
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.2022-09-01not yet calculatedCVE-2022-36130
MISC
MISC
N/A -- N/A
 
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.2022-09-01not yet calculatedCVE-2022-36449
MISC
N/A -- N/A
 
InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function.2022-09-01not yet calculatedCVE-2022-36602
MISC
N/A -- N/A
 
InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function.2022-09-01not yet calculatedCVE-2022-36603
MISC
N/A -- N/A
 
An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request.2022-09-01not yet calculatedCVE-2022-36604
MISC
N/A -- N/A
 
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/addRouting.2022-08-31not yet calculatedCVE-2022-36620
MISC
MISC
N/A -- N/A
 
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.2022-09-01not yet calculatedCVE-2022-36671
MISC
N/A -- N/A
 
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.2022-09-01not yet calculatedCVE-2022-36672
MISC
N/A -- N/A
 
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.2022-08-31not yet calculatedCVE-2022-37125
MISC
MISC
N/A -- N/A
 
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3.2022-09-01not yet calculatedCVE-2022-37435
CONFIRM
N/A -- N/A
 
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.2022-09-02not yet calculatedCVE-2022-38054
CONFIRM
MLIST
N/A -- N/A
 
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.2022-09-02not yet calculatedCVE-2022-38170
CONFIRM
MLIST
MLIST
N/A -- N/A
 
An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.2022-09-02not yet calculatedCVE-2022-39189
MISC
MISC
MISC
MISC
N/A -- N/A
 
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.2022-09-02not yet calculatedCVE-2022-39190
MISC
MISC
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.