Vulnerability Summary for the Week of September 12, 2022

Released
Sep 19, 2022
Document ID
SB22-262

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no medium vulnerabilities recorded this week.

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- animateAdobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38412
MISC
adobe -- animate
 
Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38411
MISC
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.2022-09-16not yet calculatedCVE-2022-30678
MISC
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.2022-09-16not yet calculatedCVE-2022-30680
MISC
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.2022-09-16not yet calculatedCVE-2022-30681
MISC
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.2022-09-16not yet calculatedCVE-2022-30682
MISC
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.2022-09-16not yet calculatedCVE-2022-30683
MISC
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.2022-09-16not yet calculatedCVE-2022-30684
MISC
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.2022-09-16not yet calculatedCVE-2022-30685
MISC
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.2022-09-16not yet calculatedCVE-2022-30677
MISC
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.2022-09-16not yet calculatedCVE-2022-30686
MISC
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.2022-09-16not yet calculatedCVE-2022-34218
MISC
adobe -- illustratorAdobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38410
MISC
adobe -- illustratorAdobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38408
MISC
adobe -- illustratorAdobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38409
MISC
adobe -- incopyAdobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38402
MISC
adobe -- incopyAdobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38403
MISC
adobe -- incopyAdobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38404
MISC
adobe -- incopyAdobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38405
MISC
adobe -- incopyAdobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38406
MISC
adobe -- incopyAdobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38407
MISC
adobe -- incopy
 
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38401
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-28854
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-28852
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-28853
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38413
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38414
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38415
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38417
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-30676
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-30671
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-28856
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-28857
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-30675
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-30674
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-28855
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-30673
MISC
adobe -- indesignAdobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-30672
MISC
adobe -- indesign
 
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38416
MISC
adobe -- photoshopAdobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38431
MISC
adobe -- photoshopAdobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38430
MISC
adobe -- photoshopAdobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-35713
MISC
adobe -- photoshopAdobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38432
MISC
adobe -- photoshopAdobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.sue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38433
MISC
adobe -- photoshopAdobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38434
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38427
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38429
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38428
MISC
adobe -- photoshop
 
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2022-09-16not yet calculatedCVE-2022-38426
MISC
adobe -- experience_managerAdobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.2022-09-16not yet calculatedCVE-2022-35664
MISC
adtran -- sr510nSmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.2022-09-14not yet calculatedCVE-2022-37661
MISC
MISC
MISC
aenrich -- a\+hrdaEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x2022-09-09not yet calculatedCVE-2022-28741
MISC
MISC
aenrich -- ehrd_learning_management_key_performance_indicator_systemaEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.2022-09-09not yet calculatedCVE-2022-28740
MISC
MISC
aenrich -- ehrd_learning_management_key_performance_indicator_systemaEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application2022-09-09not yet calculatedCVE-2022-28742
MISC
MISC
aerocms -- aerocmsAeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-09-13not yet calculatedCVE-2022-38305
MISC
airties -- wifi_extenderAn issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference.2022-09-15not yet calculatedCVE-2022-38789
MISC
MISC
aivhub -- active_intelligence_visualizationAn issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection.2022-09-09not yet calculatedCVE-2021-44835
MISC
MISC
amanda -- amandaIn Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.2022-09-13not yet calculatedCVE-2022-37703
MISC
MISC
ansys_spaceclaim -- ansys_spaceclaimThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17844.2022-09-15not yet calculatedCVE-2022-40651
MISC
ansys_spaceclaim -- ansys_spaceclaimThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18351.2022-09-15not yet calculatedCVE-2022-40654
MISC
ansys_spaceclaim -- ansys_spaceclaimThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17541.2022-09-15not yet calculatedCVE-2022-40646
MISC
ansys_spaceclaim -- ansys_spaceclaimThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17308.2022-09-15not yet calculatedCVE-2022-40640
MISC
ansys_spaceclaim -- ansys_spaceclaimThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563.2022-09-15not yet calculatedCVE-2022-40648
MISC
ansys_spaceclaim -- ansys_spaceclaimThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17540.2022-09-15not yet calculatedCVE-2022-40645
MISC
ansys_spaceclaim -- ansys_spaceclaimThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17407.2022-09-15not yet calculatedCVE-2022-40643
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17838.2022-09-15not yet calculatedCVE-2022-40650
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17565.2022-09-15not yet calculatedCVE-2022-40649
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17558.2022-09-15not yet calculatedCVE-2022-40647
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17045.2022-09-15not yet calculatedCVE-2022-40637
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17317.2022-09-15not yet calculatedCVE-2022-40641
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18349.2022-09-15not yet calculatedCVE-2022-40653
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17408.2022-09-15not yet calculatedCVE-2022-40644
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17102.2022-09-15not yet calculatedCVE-2022-40638
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17318.2022-09-15not yet calculatedCVE-2022-40642
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17207.2022-09-15not yet calculatedCVE-2022-40639
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17846.2022-09-15not yet calculatedCVE-2022-40652
MISC
ansys_spaceclaim -- ansys_spaceclaim
 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17044.2022-09-15not yet calculatedCVE-2022-40636
MISC
anydesk -- anydeskAn issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.2022-09-12not yet calculatedCVE-2021-44426
MISC
MISC
anydesk -- anydeskAn issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port).2022-09-12not yet calculatedCVE-2021-44425
MISC
MISC
apache -- calciteIn Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.2022-09-11not yet calculatedCVE-2022-39135
MISC
appsmith -- appsmithAn issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint.2022-09-12not yet calculatedCVE-2022-38299
MISC
appsmith -- appsmithAppsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint.2022-09-12not yet calculatedCVE-2022-38298
MISC
appwrite -- appwriteCross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1.2022-09-09not yet calculatedCVE-2022-2925
CONFIRM
MISC
archery -- archeryArchery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.2022-09-13not yet calculatedCVE-2022-38540
MISC
archery -- archeryArchery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.2022-09-13not yet calculatedCVE-2022-38541
MISC
archery -- archeryArchery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface.2022-09-13not yet calculatedCVE-2022-38542
MISC
archery -- archeryArchery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.2022-09-13not yet calculatedCVE-2022-38537
MISC
archery -- archeryArchery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.2022-09-13not yet calculatedCVE-2022-38538
MISC
archery -- archeryArchery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.2022-09-13not yet calculatedCVE-2022-38539
MISC
ark_web -- moveable_type_plugin_a-formCross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.2022-09-12not yet calculatedCVE-2022-38972
MISC
MISC
MISC
arq_backup -- arq_backupArq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords.2022-09-09not yet calculatedCVE-2022-36617
MISC
MISC
assura -- northstar_club_managementThere are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database which contains critical data for organization’s that make full use of the software suite.2022-09-16not yet calculatedCVE-2022-26959
MISC
MISC
atlassian -- jira
 
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.2022-09-17not yet calculatedCVE-2022-39960
MISC
CONFIRM
avdor_cis -- crystal_qualityAvdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number.2022-09-13not yet calculatedCVE-2022-36780
MISC
axiomic_systems -- bento4An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, called from AP4_EsDescriptor::WriteFields and AP4_Expandable::Write.2022-09-15not yet calculatedCVE-2022-40738
MISC
axiomic_systems -- bento4
 
An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp.2022-09-15not yet calculatedCVE-2022-40736
MISC
axiomic_systems -- bento4
 
An issue was discovered in Bento4 through 1.6.0-639. A buffer over-read exists in the function AP4_StdcFileByteStream::WritePartial located in System/StdC/Ap4StdCFileByteStream.cpp, called from AP4_ByteStream::Write and AP4_HdlrAtom::WriteFields.2022-09-15not yet calculatedCVE-2022-40737
MISC
axum-core -- axum-core<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String2022-09-14not yet calculatedCVE-2022-3212
CONFIRM
CONFIRM
baxter -- spectrum_wireless_battery_moduleThe Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive information.2022-09-09not yet calculatedCVE-2022-26390
MISC
MISC
baxter -- spectrum_wireless_battery_moduleThe Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail.2022-09-09not yet calculatedCVE-2022-26394
MISC
MISC
baxter -- spectrum_wireless_battery_moduleThe Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM.2022-09-09not yet calculatedCVE-2022-26393
MISC
MISC
baxter -- spectrum_wireless_battery_moduleThe Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.2022-09-09not yet calculatedCVE-2022-26392
MISC
MISC
bolt_cms -- bolt_cmsBolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.2022-09-16not yet calculatedCVE-2022-36532
MISC
MISC
bpc_banking_technologies -- smartvista_cardgenA Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.2022-09-09not yet calculatedCVE-2022-38613
MISC
MISC
MISC
bpc_banking_technologies -- smartvista_front-endSmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.2022-09-09not yet calculatedCVE-2022-38615
MISC
MISC
MISC
bpc_banking_technologies -- smartvista_front-endSmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.2022-09-13not yet calculatedCVE-2022-38616
MISC
MISC
MISC
bpc_banking_technologies -- smartvista_cardgenAn issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.2022-09-09not yet calculatedCVE-2022-38614
MISC
MISC
MISC
budibase -- budibaseImproper Access Control in GitHub repository budibase/budibase prior to 1.3.20.2022-09-16not yet calculatedCVE-2022-3225
MISC
CONFIRM
buildah -- buildahAn incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.2022-09-13not yet calculatedCVE-2022-2990
MISC
MISC
cargo -- cargoCargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. Mitigations We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well.2022-09-14not yet calculatedCVE-2022-36113
MISC
CONFIRM
cargo -- cargo
 
Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a "zip bomb"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to excercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here.2022-09-14not yet calculatedCVE-2022-36114
CONFIRM
MISC
casdoor -- casdoorCasdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.2022-09-09not yet calculatedCVE-2022-38638
MISC
chromium -- microsoft_edgeMicrosoft Edge (Chromium-based) Remote Code Execution Vulnerability.2022-09-13not yet calculatedCVE-2022-38012
MISC
church_management_system -- church_management_systemChurch Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.2022-09-12not yet calculatedCVE-2022-38605
MISC
church_management_system -- church_management_systemChurch Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.2022-09-15not yet calculatedCVE-2022-38594
MISC
church_management_system -- church_management_systemChurch Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.2022-09-15not yet calculatedCVE-2022-38595
MISC
cmark-gfm -- cmark-gfm
 
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension.2022-09-15not yet calculatedCVE-2022-39209
CONFIRM
MISC
MISC
contec_health -- cms8000_contec_icu_ccu_vital_signs_patient_monitorThe CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information.2022-09-13not yet calculatedCVE-2022-3027
MISC
contechealth -- cms8000Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters2022-09-13not yet calculatedCVE-2022-38069
MISC
contechealth -- cms8000The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CME8000 devices connected to the same network.2022-09-13not yet calculatedCVE-2022-38100
MISC
contechealth -- cms8000A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device.2022-09-13not yet calculatedCVE-2022-36385
MISC
contechealth -- cms8000Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities.2022-09-13not yet calculatedCVE-2022-38453
MISC
craft_cms -- craft_cmsCraft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.2022-09-16not yet calculatedCVE-2022-37251
MISC
MISC
craft_cms -- craft_cmsCraft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.2022-09-16not yet calculatedCVE-2022-37247
MISC
MISC
craft_cms -- craft_cmsCraft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.2022-09-16not yet calculatedCVE-2022-37250
MISC
MISC
craft_cms -- craft_cmsCraft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.2022-09-16not yet calculatedCVE-2022-37248
MISC
MISC
crafter_cms -- crafter_cmsImproper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.2022-09-13not yet calculatedCVE-2022-40634
MISC
crafter_cms -- crafter_cmsImproper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.2022-09-13not yet calculatedCVE-2022-40635
MISC
crestron -- airmediaA vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation.2022-09-13not yet calculatedCVE-2022-34100
MISC
MISC
crestron -- airmediaInsufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.2022-09-13not yet calculatedCVE-2022-34102
MISC
MISC
crestron -- airmediaA vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack.2022-09-13not yet calculatedCVE-2022-34101
MISC
MISC
crushftp -- crushftpAn issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting (XSS). The payload can be executed in multiple scenarios, for example when the user's page appears in the Most Visited section of the page.2022-09-15not yet calculatedCVE-2021-44076
MISC
MISC
cuppa_cms -- cuppa_cmsCuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.2022-09-12not yet calculatedCVE-2022-38296
MISC
cuppa_cms -- cuppa_cmsCuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.2022-09-12not yet calculatedCVE-2022-38295
MISC
cuppa_cms -- cuppa_cmsThe component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.2022-09-13not yet calculatedCVE-2022-37191
MISC
MISC
cuppa_cms -- cuppa_cmsCuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.2022-09-13not yet calculatedCVE-2022-37190
MISC
MISC
dell -- dell_biosDell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.2022-09-12not yet calculatedCVE-2022-31226
MISC
dell -- dell_biosDell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.2022-09-12not yet calculatedCVE-2022-31225
MISC
dell -- dell_biosDell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system.2022-09-12not yet calculatedCVE-2022-31224
MISC
dell -- dell_biosDell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.2022-09-12not yet calculatedCVE-2022-31223
MISC
dell -- dell_biosDell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.2022-09-12not yet calculatedCVE-2022-31220
MISC
dell -- dell_biosDell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.2022-09-12not yet calculatedCVE-2022-31222
MISC
dell -- dell_biosDell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system.2022-09-12not yet calculatedCVE-2022-31221
MISC
delta_industrial_automation -- diaenergyDelta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Version 1.8.0 and prior have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.2022-09-16not yet calculatedCVE-2022-3214
MISC
devolutions -- remote_desktop_managerImproper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions.2022-09-13not yet calculatedCVE-2022-3182
MISC
diffplug -- com.diffplug.gradle:goomphThis affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve remote code execution on a target system by exploiting this vulnerability. **Note:** This could have allowed a malicious zip file to extract itself into an arbitrary directory. The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at eclipse.org, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious.2022-09-11not yet calculatedCVE-2022-26049
MISC
MISC
MISC
doufox -- doufox
 
Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-09-16not yet calculatedCVE-2022-38621
MISC
drawio -- drawioOS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.2022-09-09not yet calculatedCVE-2022-3133
MISC
CONFIRM
drawio -- drawioCross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.2022-09-16not yet calculatedCVE-2022-3223
MISC
CONFIRM
eci -- printanista_hubThe login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) through 2022-06-27 performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly.2022-09-15not yet calculatedCVE-2022-40306
MISC
MISC
emakin -- 6kare_emakin6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page.2022-09-16not yet calculatedCVE-2020-25491
MISC
espocrm -- espocrmCSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.2022-09-16not yet calculatedCVE-2022-38844
MISC
espocrm -- espocrmCross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScripting in the browser.2022-09-16not yet calculatedCVE-2022-38845
MISC
espocrm -- espocrmEspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.2022-09-16not yet calculatedCVE-2022-38843
MISC
espocrm -- espocrmEspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.2022-09-16not yet calculatedCVE-2022-38846
MISC
event_management_system -- event_management_systemEvent Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.2022-09-15not yet calculatedCVE-2022-38323
MISC
feehi -- feehi_cmsA Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.2022-09-14not yet calculatedCVE-2022-38796
MISC
fiberhome -- an5506-02-bA stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field.2022-09-15not yet calculatedCVE-2022-38814
MISC
forcepoint -- multiple_productsImproper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022.2022-09-12not yet calculatedCVE-2022-1700
MISC
fortinet -- fortisoarAn improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.2022-09-09not yet calculatedCVE-2022-29061
CONFIRM
freshworks -- freshservice_agentFreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.2022-09-12not yet calculatedCVE-2022-36174
MISC
MISC
freshworks -- freshservice_probeFreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.2022-09-12not yet calculatedCVE-2022-36173
MISC
MISC
garage_management_system -- garage_management_systemGarage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector.2022-09-14not yet calculatedCVE-2022-36668
MISC
MISC
garage_management_system -- garage_management_systemGarage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php.2022-09-12not yet calculatedCVE-2022-38606
MISC
garage_management_system -- garage_management_systemGarage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE.2022-09-14not yet calculatedCVE-2022-36667
MISC
MISC
garage_management_system -- garage_management_systemGarage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php.2022-09-12not yet calculatedCVE-2022-38610
MISC
garage_management_system -- garage_management_systemGarage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1.2022-09-16not yet calculatedCVE-2022-38877
MISC
genesys_pureconnect -- interaction_web_tools_chat_serviceGenesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter.2022-09-16not yet calculatedCVE-2022-37775
MISC
MISC
MISC
genymobile -- genymotion_desktopGenymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary.2022-09-13not yet calculatedCVE-2022-38633
MISC
ghas-to-csv -- ghas-to-csv
 
some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue.2022-09-17not yet calculatedCVE-2022-39217
MISC
CONFIRM
glpi -- glpiGLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users are advised to upgrade to version 10.0.3 to resolve this issue. Users unable to upgrade should disable global search.2022-09-14not yet calculatedCVE-2022-31187
CONFIRM
MISC
glpi -- glpi
 
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Information associated to registration key are not properly escaped in registration key configuration page. They can be used to steal a GLPI administrator cookie. Users are advised to upgrade to 10.0.3. There are no known workarounds for this issue. ### Workarounds Do not use a registration key created by an untrusted person.2022-09-14not yet calculatedCVE-2022-35945
MISC
CONFIRM
glpi -- glpi
 
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration.2022-09-14not yet calculatedCVE-2022-35947
MISC
CONFIRM
glpi -- glpi
 
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used to access low-level API of Plugin class. An attacker can, for instance, alter database data. Attacker must have "General setup" update rights to be able to perform this attack. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should remove the `front/plugin.form.php` script.2022-09-14not yet calculatedCVE-2022-35946
MISC
CONFIRM
glpi -- glpi
 
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests can be used to scan server port or services opened on GLPI server or its private network. Queries responses are not exposed to end-user (blind SSRF). Users are advised to upgrade to version 10.0.3 to resolve this issue. There are no known workarounds.2022-09-14not yet calculatedCVE-2022-36112
CONFIRM
MISC
glpi -- glpi
 
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. It was found that in affected versions there is an exposure of private information defined in setup of GLPI (like smtp or cas hosts). Note that passwords are not exposed. Users are advised to upgrade to version 10.0.3. There are no known workarounds for this issue.2022-09-14not yet calculatedCVE-2022-31143
MISC
CONFIRM
go -- go-cvss
 
go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). In affected versions when a full CVSS v2.0 vector string is parsed using `ParseVector`, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag `v0.4.0`, by the commit `d9d478ff0c13b8b09ace030db9262f3c2fe031f4`. Users are advised to upgrade. Users unable to upgrade may avoid this issue by parsing only CVSS v2.0 vector strings that do not have all attributes defined (e.g. `AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M`). As stated in [SECURITY.md](https://github.com/pandatix/go-cvss/blob/master/SECURITY.md), the CPE v2.3 to refer to this Go module is `cpe:2.3:a:pandatix:go_cvss:*:*:*:*:*:*:*:*`. The entry has already been requested to the NVD CPE dictionary.2022-09-15not yet calculatedCVE-2022-39213
MISC
MISC
CONFIRM
gocron -- gocronCross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue.2022-09-14not yet calculatedCVE-2022-40365
MISC
MISC
google -- androidIn MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-2389169212022-09-13not yet calculatedCVE-2021-0943
MISC
google -- androidIn PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible user after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-2389184032022-09-13not yet calculatedCVE-2021-0697
MISC
google -- androidIn network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed2022-09-09not yet calculatedCVE-2022-39119
MISC
google -- androidSummary:Product: AndroidVersions: Android SoCAndroid ID: A-2382570022022-09-13not yet calculatedCVE-2022-20390
MISC
google -- androidSummary:Product: AndroidVersions: Android SoCAndroid ID: A-2382273282022-09-13not yet calculatedCVE-2022-20386
MISC
google -- androida function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array 'policy[type]', which OOB access happens.Product: AndroidVersions: Android SoCAndroid ID: A-2383798192022-09-13not yet calculatedCVE-2022-20385
MISC
google -- androidIn sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233606615References: N/A2022-09-14not yet calculatedCVE-2022-20364
MISC
google -- androidIn smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-211485702References: N/A2022-09-14not yet calculatedCVE-2022-20231
MISC
google -- androidIn PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-2389212532022-09-13not yet calculatedCVE-2021-0871
MISC
google -- androidThe path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]);With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct I think i seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel.Product: AndroidVersions: Android SoCAndroid ID: A-2389043122022-09-13not yet calculatedCVE-2021-0942
MISC
google -- androidIn addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2218597342022-09-13not yet calculatedCVE-2022-20398
MISC
google -- androidIn SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-2344406882022-09-13not yet calculatedCVE-2022-20396
MISC
google -- androidIn extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-2337358862022-09-13not yet calculatedCVE-2022-20393
MISC
google -- androidIn declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-2133236152022-09-13not yet calculatedCVE-2022-20392
MISC
google -- androidSummary:Product: AndroidVersions: Android SoCAndroid ID: A-2382273232022-09-13not yet calculatedCVE-2022-20388
MISC
google -- androidIn checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2218552952022-09-13not yet calculatedCVE-2022-20395
MISC
google -- androidSummary:Product: AndroidVersions: Android SoCAndroid ID: A-2382273242022-09-13not yet calculatedCVE-2022-20387
MISC
google -- androidSummary:Product: AndroidVersions: Android SoCAndroid ID: A-2382570002022-09-13not yet calculatedCVE-2022-20391
MISC
google -- androidSummary:Product: AndroidVersions: Android SoCAndroid ID: A-2382570042022-09-13not yet calculatedCVE-2022-20389
MISC
google -- androidIn the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219808546References: Upstream kernel2022-09-13not yet calculatedCVE-2022-20399
MISC
google -- android
 
Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.2022-09-17not yet calculatedCVE-2022-39210
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35990
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36002
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36003
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36005
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36001
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36011
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c8ba76d48567aed347508e0552a257641931024d. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35998
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36013
MISC
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36017
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35999
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36014
MISC
MISC
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36015
CONFIRM
MISC
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35997
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36000
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35996
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36026
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35971
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35979
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35974
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35937
MISC
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for: `min_a`, `max_a`, `min_b`, or `max_b` It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35973
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35972
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been patched in GitHub commit 4142e47e9e31db481781b955ed3ff807a781b494. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35938
MISC
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35935
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35983
CONFIRM
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35988
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35989
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36004
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36019
MISC
CONFIRM
google -- tensorflowTensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35934
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 50156d547b9a1da0144d7babe665cf690305b33c. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35969
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36027
MISC
CONFIRM
MISC
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35963
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35982
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35981
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35995
CONFIRM
MISC
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35964
CONFIRM
MISC
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35968
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35967
CONFIRM
MISC
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35966
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36012
CONFIRM
MISC
MISC
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35970
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35993
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35994
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35984
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35992
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35952
MISC
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds to this issue.2022-09-16not yet calculatedCVE-2022-35941
MISC
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35940
CONFIRM
MISC
MISC
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35985
CONFIRM
MISC
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36018
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-36016
MISC
CONFIRM
MISC
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35959
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35965
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35960
CONFIRM
MISC
MISC
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35939
MISC
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35991
MISC
CONFIRM
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35987
CONFIRM
MISC
google -- tensorflow
 
TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-35986
MISC
CONFIRM
gophish -- gophishThis affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\example.com, browser will redirect user to http://example.com.2022-09-11not yet calculatedCVE-2022-25295
MISC
MISC
go -- goJoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.2022-09-13not yet calculatedCVE-2022-32190
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORA
gpac -- gpacUncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.2022-09-15not yet calculatedCVE-2022-3222
CONFIRM
MISC
gpac -- gpacBuffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.2022-09-12not yet calculatedCVE-2022-3178
MISC
CONFIRM
graphql-java -- graphql-javagraphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4.2022-09-12not yet calculatedCVE-2022-37734
MISC
MISC
CONFIRM
CONFIRM
gravitl -- netmakerNetmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.2022-09-09not yet calculatedCVE-2022-36110
CONFIRM
MISC
hangzhou_ezviz_network -- ezviz_cs-c6n-a0-1c2wfr
 
Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.2022-09-15not yet calculatedCVE-2022-2472
MISC
hangzhou_ezviz_network -- ezviz_motion_detectionStack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723.2022-09-15not yet calculatedCVE-2022-2471
MISC
hcl -- hcl_travelerThere is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf).2022-09-15not yet calculatedCVE-2022-27561
MISC
hitachi_energy -- microscada_x_sys600Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*2022-09-14not yet calculatedCVE-2022-2277
CONFIRM
hitachi_energy -- microscada_x_sys600Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*2022-09-14not yet calculatedCVE-2022-29492
CONFIRM
hitachi_energy -- microscada_x_sys600Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*2022-09-14not yet calculatedCVE-2022-29922
CONFIRM
hitachi_energy -- microscada_x_sys600Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*2022-09-14not yet calculatedCVE-2022-1778
CONFIRM
hitachi_energy -- microscada_x_sys600Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*2022-09-12not yet calculatedCVE-2022-29490
CONFIRM
honeywell -- softmasterA local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.2022-09-16not yet calculatedCVE-2022-2332
CONFIRM
CONFIRM
honeywell -- softmasterIf an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.2022-09-16not yet calculatedCVE-2022-2333
CONFIRM
CONFIRM
hospital_information_system -- hospital_information_systemHospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.2022-09-14not yet calculatedCVE-2022-36669
MISC
MISC
MISC
MISC
hospital_management_system -- hospital_management_systemHospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.2022-09-13not yet calculatedCVE-2022-38637
MISC
MISC
hotel_management_system -- hotel_management_systemMultiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname".2022-09-12not yet calculatedCVE-2022-36254
MISC
MISC
hoteldruid -- hotel_management_softwareThe component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.2022-09-16not yet calculatedCVE-2021-42949
MISC
MISC
MISC
hoteldruid -- hotel_management_softwareHotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.2022-09-16not yet calculatedCVE-2021-42948
MISC
MISC
MISC
hoyoverse -- mhyprot2.sysThe HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.2022-09-14not yet calculatedCVE-2020-36603
MISC
MISC
MISC
MISC
MISC
hp -- thinproA potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.2022-09-13not yet calculatedCVE-2022-1602
MISC
huawei -- emui/magic_uiThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.2022-09-16not yet calculatedCVE-2022-38993
MISC
MISC
huawei -- emui/magic_uiThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.2022-09-16not yet calculatedCVE-2022-38978
MISC
MISC
huawei -- emui/magic_uiThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.2022-09-16not yet calculatedCVE-2022-38997
MISC
MISC
huawei -- emui/magic_uiThe MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.2022-09-16not yet calculatedCVE-2022-39006
MISC
MISC
huawei -- emui/magic_uiImplementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.2022-09-16not yet calculatedCVE-2021-46836
MISC
MISC
huawei -- emui/magic_uiImplementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.2022-09-16not yet calculatedCVE-2021-40024
MISC
MISC
huawei -- emui/magic_uiOut-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot.2022-09-16not yet calculatedCVE-2020-36601
MISC
huawei -- emui/magic_uiThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.2022-09-16not yet calculatedCVE-2022-38991
MISC
MISC
huawei -- emui/magic_uiThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.2022-09-16not yet calculatedCVE-2022-38979
MISC
MISC
huawei -- emui/magic_uiOut-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.2022-09-16not yet calculatedCVE-2020-36600
MISC
huawei -- emui/magic_uiThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.2022-09-16not yet calculatedCVE-2022-38988
MISC
MISC
huawei -- emui/magic_uiThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.2022-09-16not yet calculatedCVE-2022-38989
MISC
MISC
huawei -- emui/magic_uiThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.2022-09-16not yet calculatedCVE-2022-38990
MISC
MISC
huawei -- emui/magic_uiConfiguration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.2022-09-16not yet calculatedCVE-2021-40023
MISC
huawei -- emui/magic_uiThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.2022-09-16not yet calculatedCVE-2022-38992
MISC
MISC
huawei -- emui/magic_uiThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.2022-09-16not yet calculatedCVE-2022-38987
MISC
MISC
huawei -- emui/magic_ui
 
Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components.2022-09-16not yet calculatedCVE-2022-39003
MISC
huawei -- emui/magic_ui
 
Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.2022-09-16not yet calculatedCVE-2022-39002
MISC
huawei -- harmonyosOut-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds access.2022-09-16not yet calculatedCVE-2021-40019
MISC
huawei -- harmonyosThe MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.2022-09-16not yet calculatedCVE-2022-39004
MISC
MISC
huawei -- harmonyosThe MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.2022-09-16not yet calculatedCVE-2022-39005
MISC
MISC
huawei -- harmonyosThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.2022-09-16not yet calculatedCVE-2022-38994
MISC
MISC
huawei -- harmonyosThe HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access.2022-09-16not yet calculatedCVE-2021-40017
MISC
huawei -- harmonyosThe HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information.2022-09-16not yet calculatedCVE-2022-39010
MISC
MISC
huawei -- harmonyosThe WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.2022-09-16not yet calculatedCVE-2022-39009
MISC
MISC
huawei -- harmonyosThe NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.2022-09-16not yet calculatedCVE-2022-39008
MISC
MISC
huawei -- harmonyosThe location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.2022-09-16not yet calculatedCVE-2022-39007
MISC
MISC
huawei -- harmonyosThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.2022-09-16not yet calculatedCVE-2022-38996
MISC
MISC
huawei -- harmonyosThe secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.2022-09-16not yet calculatedCVE-2022-38995
MISC
MISC
huawei -- harmonyos
 
The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.2022-09-16not yet calculatedCVE-2022-39000
MISC
MISC
huawei -- harmonyos
 
The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.2022-09-16not yet calculatedCVE-2022-38999
MISC
MISC
huawei -- harmonyos
 
The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.2022-09-16not yet calculatedCVE-2022-39001
MISC
MISC
ibm -- aixIBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502.2022-09-13not yet calculatedCVE-2022-34356
CONFIRM
XF
ibm -- aixIBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014.2022-09-13not yet calculatedCVE-2022-36768
XF
CONFIRM
ibm -- control_deskIBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126.2022-09-13not yet calculatedCVE-2022-22330
XF
CONFIRM
ibm -- control_deskIBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.2022-09-13not yet calculatedCVE-2022-22329
XF
CONFIRM
ibm -- db2IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.2022-09-13not yet calculatedCVE-2022-22483
CONFIRM
XF
ibm -- db2IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.2022-09-13not yet calculatedCVE-2022-35637
CONFIRM
XF
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163.2022-09-14not yet calculatedCVE-2021-38924
CONFIRM
XF
ibm -- multiple_productsIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.2022-09-09not yet calculatedCVE-2022-34165
XF
CONFIRM
ibm -- websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714.2022-09-13not yet calculatedCVE-2022-34336
CONFIRM
XF
indy-node -- indy-nodeindy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose. However, the ledger content will not be impacted and the ledger will resume functioning after the attack. This attack exploits the trade-off between resilience and availability. Any protection against abusive client connections will also prevent the network being accessed by certain legitimate users. As a result, validator nodes must tune their firewall rules to ensure the right trade-off for their network's expected users. The guidance to network operators for the use of firewall rules in the deployment of Indy networks has been modified to better protect against denial of service attacks by increasing the cost and complexity in mounting such attacks. The mitigation for this vulnerability is not in the Hyperledger Indy code per se, but rather in the individual deployments of Indy. The mitigations should be applied to all deployments of Indy, and are not related to a particular release.2022-09-09not yet calculatedCVE-2022-31006
CONFIRM
MISC
inventorymanagementsystem -- inventorymanagementsystemA SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".2022-09-12not yet calculatedCVE-2022-36255
MISC
MISC
MISC
inventorymanagementsystem -- inventorymanagementsystemA SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.2022-09-12not yet calculatedCVE-2022-36259
MISC
MISC
MISC
inventorymanagementsystem -- inventorymanagementsystemA SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".2022-09-12not yet calculatedCVE-2022-36258
MISC
MISC
MISC
inventorymanagementsystem -- inventorymanagementsystemA SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.2022-09-12not yet calculatedCVE-2022-36257
MISC
MISC
MISC
inventorymanagementsystem -- inventorymanagementsystemA SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".2022-09-12not yet calculatedCVE-2022-36256
MISC
MISC
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33.2022-09-16not yet calculatedCVE-2020-23553
MISC
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20.2022-09-16not yet calculatedCVE-2020-23554
MISC
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62.2022-09-16not yet calculatedCVE-2020-23552
MISC
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e.2022-09-16not yet calculatedCVE-2020-23555
MISC
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28.2022-09-16not yet calculatedCVE-2020-23556
MISC
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f.2022-09-16not yet calculatedCVE-2020-23559
MISC
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d.2022-09-16not yet calculatedCVE-2020-23557
MISC
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30.2022-09-16not yet calculatedCVE-2020-23551
MISC
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab.2022-09-16not yet calculatedCVE-2020-23560
MISC
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82.2022-09-16not yet calculatedCVE-2020-23550
MISC
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b.2022-09-16not yet calculatedCVE-2020-23558
MISC
MISC
jasper -- jasper
 
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.2022-09-16not yet calculatedCVE-2022-40755
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.2022-09-09not yet calculatedCVE-2022-38283
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.2022-09-09not yet calculatedCVE-2022-38281
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list.2022-09-09not yet calculatedCVE-2022-38278
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list.2022-09-09not yet calculatedCVE-2022-38282
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.2022-09-09not yet calculatedCVE-2022-38277
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.2022-09-09not yet calculatedCVE-2022-38276
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.2022-09-09not yet calculatedCVE-2022-38275
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.2022-09-09not yet calculatedCVE-2022-38273
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list.2022-09-09not yet calculatedCVE-2022-38284
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.2022-09-09not yet calculatedCVE-2022-38274
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.2022-09-09not yet calculatedCVE-2022-38280
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.2022-09-09not yet calculatedCVE-2022-38272
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.2022-09-09not yet calculatedCVE-2022-38285
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.2022-09-09not yet calculatedCVE-2022-38286
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection2022-09-15not yet calculatedCVE-2022-37207
MISC
MISC
jfinal_cms -- jfinal_cmsJFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.2022-09-09not yet calculatedCVE-2022-38279
MISC
jfinal_cms -- jfinal_cms
 
JFinal CMS 5.1.0 is vulnerable to SQL Injection.2022-09-15not yet calculatedCVE-2022-37201
MISC
MISC
json -- json
 
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.2022-09-16not yet calculatedCVE-2022-40149
CONFIRM
CONFIRM
json -- json
 
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.2022-09-16not yet calculatedCVE-2022-40150
CONFIRM
CONFIRM
kdiskmark -- kdiskmarkKDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.2022-09-14not yet calculatedCVE-2022-40673
MISC
MISC
MISC
MLIST
FEDORA
kubevirt -- kubevirt
 
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.2022-09-15not yet calculatedCVE-2022-1798
CONFIRM
libconfuse -- libconfusecfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.2022-09-09not yet calculatedCVE-2022-40320
MISC
FEDORA
libexpat_project -- libexpatlibexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.2022-09-14not yet calculatedCVE-2022-40674
MISC
MISC
library_management_system -- library_management_systemIn Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection.2022-09-12not yet calculatedCVE-2022-37794
MISC
librenms -- librenms
 
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.2022-09-17not yet calculatedCVE-2022-3231
MISC
CONFIRM
lief -- liefLIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp.2022-09-13not yet calculatedCVE-2022-38496
MISC
lief -- liefLIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69.2022-09-13not yet calculatedCVE-2022-38497
MISC
lief -- liefLIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.2022-09-13not yet calculatedCVE-2022-38495
MISC
lief-project -- liefLIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.2022-09-13not yet calculatedCVE-2022-38307
MISC
lief-project -- liefLIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.2022-09-13not yet calculatedCVE-2022-38306
MISC
lighttpd -- lighttpdIn lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.2022-09-12not yet calculatedCVE-2022-37797
MISC
linksys -- e5350On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction.2022-09-12not yet calculatedCVE-2022-35572
MISC
linux -- linux_kernelA flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.2022-09-14not yet calculatedCVE-2022-2977
MISC
linux -- linux_kernelAn issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.2022-09-09not yet calculatedCVE-2022-40307
MISC
linux -- linux_kernelAn out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).2022-09-09not yet calculatedCVE-2022-36280
MISC
linux -- linux_kernelAn out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.2022-09-09not yet calculatedCVE-2022-2905
MISC
MISC
linux -- linux_kernelA flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.2022-09-09not yet calculatedCVE-2022-2964
MISC
linux -- linux_kernelA null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.2022-09-14not yet calculatedCVE-2022-40476
MISC
MISC
MISC
linux -- linux_kernelA NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.2022-09-14not yet calculatedCVE-2022-3202
MISC
linux -- linux_kernelA buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.2022-09-09not yet calculatedCVE-2022-3077
MISC
linux -- linux_kernelA NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).2022-09-09not yet calculatedCVE-2022-38096
MISC
linux -- linux_kernelA use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).2022-09-09not yet calculatedCVE-2022-38457
MISC
linux -- linux_kernelA flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.2022-09-09not yet calculatedCVE-2022-3169
MISC
linux -- linux_kernelThere exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa636592022-09-16not yet calculatedCVE-2022-3176
MISC
MISC
linux -- linux_kernelA use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).2022-09-09not yet calculatedCVE-2022-40133
MISC
linux -- linux_kernelAn out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system.2022-09-13not yet calculatedCVE-2022-3170
MISC
MISC
linux -- linux_kernel
 
An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).2022-09-16not yet calculatedCVE-2022-36402
MISC
loan_management_system -- loan_management_systemLoan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.2022-09-14not yet calculatedCVE-2022-37139
MISC
MISC
loan_management_system -- loan_management_systemLoan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form.2022-09-14not yet calculatedCVE-2022-37138
MISC
MISC
man2html -- man2htmlIn man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.2022-09-09not yet calculatedCVE-2021-40647
MISC
man2html -- man2htmlIn man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory.2022-09-09not yet calculatedCVE-2021-40648
MISC
markdown_nice -- markdown_niceA cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field.2022-09-09not yet calculatedCVE-2022-38639
MISC
matrix -- dendriteDendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the `/get_missing_events` path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through other endpoints (e.g. `/event`, `/state`) as they have been correctly verified. Homeservers that have federation disabled are not vulnerable. The problem has been fixed in Dendrite 0.9.8. Users are advised to upgrade. There are no known workarounds for this issue.2022-09-12not yet calculatedCVE-2022-39200
CONFIRM
MISC
matrix -- matrix-appservice-ircmatrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The vulnerability has been patched in matrix-appservice-irc 0.35.0. As a workaround operators may disable dynamic channel joining via `dynamicChannels.enabled` to prevent users from joining new channels, which prevents any new channels being bridged outside of what is already bridged, and what is specified in the config.2022-09-13not yet calculatedCVE-2022-39203
MISC
CONFIRM
matrix -- matrix-appservice-ircmatrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode commands can only be executed by privileged users, so this can only be abused if an operator is tricked into running the command on behalf of an attacker. The vulnerability has been patched in matrix-appservice-irc 0.35.0. As a workaround users should refrain from entering mode commands suggested by untrusted users. Avoid using multiple modes in a single command.2022-09-13not yet calculatedCVE-2022-39202
MISC
CONFIRM
MISC
mattermost -- mattermostMattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service.2022-09-09not yet calculatedCVE-2022-3147
MISC
MISC
mbconnectline -- mbconnect24A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.2022-09-14not yet calculatedCVE-2022-22520
CONFIRM
CONFIRM
micro-star_international_msi -- feature_navigatorAn issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size.2022-09-12not yet calculatedCVE-2022-34110
MISC
MISC
MISC
micro-star_international_msi -- feature_navigatorAn issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file.2022-09-12not yet calculatedCVE-2022-34108
MISC
MISC
MISC
micro-star_international_msi -- feature_navigatorAn issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size.2022-09-12not yet calculatedCVE-2022-34109
MISC
MISC
MISC
microsoft -- .net_framework.NET Framework Remote Code Execution Vulnerability.2022-09-13not yet calculatedCVE-2022-26929
MISC
microsoft -- av1_video_extensionAV1 Video Extension Remote Code Execution Vulnerability.2022-09-13not yet calculatedCVE-2022-38019
MISC
microsoft -- defender_for_endpointMicrosoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability.2022-09-13not yet calculatedCVE-2022-35828
MISC
microsoft -- directx_graphics_kernelDirectX Graphics Kernel Elevation of Privilege Vulnerability.2022-09-13not yet calculatedCVE-2022-37954
MISC
microsoft -- dynamics_365Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34700.2022-09-13not yet calculatedCVE-2022-35805
MISC
microsoft -- dynamics_365Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35805.2022-09-13not yet calculatedCVE-2022-34700
MISC
microsoft -- http_v3HTTP V3 Denial of Service Vulnerability.2022-09-13not yet calculatedCVE-2022-35838
MISC
microsoft -- multiple_products.NET Core and Visual Studio Denial of Service Vulnerability.2022-09-13not yet calculatedCVE-2022-38013
MISC
microsoft -- multiple_productsAzure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability.2022-09-13not yet calculatedCVE-2022-38007
MISC
microsoft -- multiple_sharepoint_server_productsMicrosoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37961, CVE-2022-38009.2022-09-13not yet calculatedCVE-2022-38008
MISC
microsoft -- multiple_sharepoint_server_productsMicrosoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37961, CVE-2022-38008.2022-09-13not yet calculatedCVE-2022-38009
MISC
microsoft -- multiple_sharepoint_server_productsMicrosoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38008, CVE-2022-38009.2022-09-13not yet calculatedCVE-2022-37961
MISC
microsoft -- odbc_driverMicrosoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34734.2022-09-13not yet calculatedCVE-2022-34732
MISC
microsoft -- odbc_driverMicrosoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34732, CVE-2022-34734.2022-09-13not yet calculatedCVE-2022-34730
MISC
microsoft -- odbc_driverMicrosoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34732.2022-09-13not yet calculatedCVE-2022-34734
MISC
microsoft -- odbc_driverMicrosoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734.2022-09-13not yet calculatedCVE-2022-34727
MISC
microsoft -- ole_db_provider_for_sql_serverMicrosoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35836, CVE-2022-35840.2022-09-13not yet calculatedCVE-2022-35835
MISC
microsoft -- ole_db_provider_for_sql_serverMicrosoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.2022-09-13not yet calculatedCVE-2022-35834
MISC
microsoft -- ole_db_provider_for_sql_serverMicrosoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.2022-09-13not yet calculatedCVE-2022-34731
MISC
microsoft -- ole_db_provider_for_sql_serverMicrosoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836.2022-09-13not yet calculatedCVE-2022-35840
MISC
microsoft -- ole_db_provider_for_sql_serverMicrosoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35840.2022-09-13not yet calculatedCVE-2022-35836
MISC
microsoft -- ole_db_provider_for_sql_serverMicrosoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.2022-09-13not yet calculatedCVE-2022-34733
MISC
microsoft -- powerpointMicrosoft PowerPoint Remote Code Execution Vulnerability.2022-09-13not yet calculatedCVE-2022-37962
MISC
microsoft -- raw_image_extensionRaw Image Extension Remote Code Execution Vulnerability.2022-09-13not yet calculatedCVE-2022-38011
MISC
microsoft -- remote_procedute_call_runtimeRemote Procedure Call Runtime Remote Code Execution Vulnerability.2022-09-13not yet calculatedCVE-2022-35830
MISC
microsoft -- serverNetwork Device Enrollment Service (NDES) Security Feature Bypass Vulnerability.2022-09-13not yet calculatedCVE-2022-37959
MISC
microsoft -- sharepoint_foundationMicrosoft SharePoint Remote Code Execution Vulnerability.2022-09-13not yet calculatedCVE-2022-35823
MISC
microsoft -- spnego_extended_negotiationSPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.2022-09-13not yet calculatedCVE-2022-37958
MISC
microsoft -- visioMicrosoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37963.2022-09-13not yet calculatedCVE-2022-38010
MISC
microsoft -- visioMicrosoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38010.2022-09-13not yet calculatedCVE-2022-37963
MISC
microsoft -- visual_studio_codeVisual Studio Code Elevation of Privilege Vulnerability.2022-09-13not yet calculatedCVE-2022-38020
MISC
microsoft -- windows_alpcWindows ALPC Elevation of Privilege Vulnerability.2022-09-13not yet calculatedCVE-2022-34725
MISC
microsoft -- windows_common_log_file_system_driverWindows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37969.2022-09-13not yet calculatedCVE-2022-35803
MISC
microsoft -- windows_common_log_file_system_driverWindows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803.2022-09-13not yet calculatedCVE-2022-37969
MISC
-MISC
microsoft -- windows_credential_roaming_serviceWindows Credential Roaming Service Elevation of Privilege Vulnerability.2022-09-13not yet calculatedCVE-2022-30170
MISC
microsoft -- windows_distributed_file_systemWindows Distributed File System (DFS) Elevation of Privilege Vulnerability.2022-09-13not yet calculatedCVE-2022-34719
MISC
microsoft -- windows_dns_serverWindows DNS Server Denial of Service Vulnerability.2022-09-13not yet calculatedCVE-2022-34724
MISC
microsoft -- windows_dpapiWindows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability.2022-09-13not yet calculatedCVE-2022-34723
MISC
microsoft -- windows_enterprise_app_management_serviceWindows Enterprise App Management Service Remote Code Execution Vulnerability.2022-09-13not yet calculatedCVE-2022-35841
MISC
microsoft -- windows_event_tracingWindows Event Tracing Denial of Service Vulnerability.2022-09-13not yet calculatedCVE-2022-35832
MISC
microsoft -- windows_fax_serviceWindows Fax Service Remote Code Execution Vulnerability.2022-09-13not yet calculatedCVE-2022-38004
MISC
microsoft -- windows_gdiWindows GDI Elevation of Privilege Vulnerability.2022-09-13not yet calculatedCVE-2022-34729
MISC
microsoft -- windows_graphics_componentWindows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-35837.2022-09-13not yet calculatedCVE-2022-38006
MISC
microsoft -- windows_graphics_componentWindows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-35837, CVE-2022-38006.2022-09-13not yet calculatedCVE-2022-34728
MISC
microsoft -- windows_graphics_componentWindows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006.2022-09-13not yet calculatedCVE-2022-35837
MISC
microsoft -- windows_group_policyWindows Group Policy Elevation of Privilege Vulnerability.2022-09-13not yet calculatedCVE-2022-37955
MISC
microsoft -- windows_internet_key_exchange_extensionWindows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability.2022-09-13not yet calculatedCVE-2022-34720
MISC
microsoft -- windows_internet_key_exchange_protocol_extensionsWindows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34722.2022-09-13not yet calculatedCVE-2022-34721
MISC
microsoft -- windows_internet_key_exchange_protocol_extensionsWindows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34721.2022-09-13not yet calculatedCVE-2022-34722
MISC
microsoft -- windows_kerberosWindows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33647.2022-09-13not yet calculatedCVE-2022-33679
MISC
microsoft -- windows_kerberosWindows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33679.2022-09-13not yet calculatedCVE-2022-33647
MISC
microsoft -- windows_kernelWindows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37964.2022-09-13not yet calculatedCVE-2022-37957
MISC
microsoft -- windows_kernelWindows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37957, CVE-2022-37964.2022-09-13not yet calculatedCVE-2022-37956
MISC
microsoft -- windows_kernelWindows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37957.2022-09-13not yet calculatedCVE-2022-37964
MISC
microsoft -- windows_lightweight_directory_access_protocolWindows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability.2022-09-13not yet calculatedCVE-2022-30200
MISC
microsoft -- windows_odbc_driverMicrosoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34727, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734.2022-09-13not yet calculatedCVE-2022-34726
MISC
microsoft -- windows_photo_importWindows Photo Import API Elevation of Privilege Vulnerability.2022-09-13not yet calculatedCVE-2022-26928
MISC
microsoft -- windows_print_spoolerWindows Print Spooler Elevation of Privilege Vulnerability.2022-09-13not yet calculatedCVE-2022-38005
MISC
microsoft -- windows_remote_access_connection_managerWindows Remote Access Connection Manager Information Disclosure Vulnerability.2022-09-13not yet calculatedCVE-2022-35831
MISC
microsoft -- windows_secure_channelWindows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-30196.2022-09-13not yet calculatedCVE-2022-35833
MISC
microsoft -- windows_tcp/ipWindows TCP/IP Remote Code Execution Vulnerability.2022-09-13not yet calculatedCVE-2022-34718
MISC
microsoft -- windowssecure_channelWindows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-35833.2022-09-13not yet calculatedCVE-2022-30196
MISC
milesight -- video_management_systemsThis vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted network camera. Successful exploitation of this vulnerability could allow the attacker to cause a Denial of Service condition on the targeted device.2022-09-15not yet calculatedCVE-2022-3001
MISC
moby -- mobyMoby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.2022-09-09not yet calculatedCVE-2022-36109
CONFIRM
MISC
MISC
FEDORA
FEDORA
moodle -- moodleIn certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.2022-09-13not yet calculatedCVE-2021-36568
MISC
MISC
mp42aac -- mp42aacBuffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file.2022-09-14not yet calculatedCVE-2022-40438
MISC
mp42aac -- mp42aacAn memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file.2022-09-14not yet calculatedCVE-2022-40439
MISC
mplayer -- mplayerCertain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.2022-09-15not yet calculatedCVE-2022-38863
MISC
mplayer -- mplayerCertain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.2022-09-15not yet calculatedCVE-2022-38862
MISC
mplayer -- mplayerThe MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c.2022-09-15not yet calculatedCVE-2022-38850
MISC
mplayer -- mplayerCertain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.2022-09-15not yet calculatedCVE-2022-38856
MISC
mplayer -- mplayerThe MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c.2022-09-15not yet calculatedCVE-2022-38861
MISC
mplayer -- mplayerCertain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.2022-09-15not yet calculatedCVE-2022-38851
MISC
mplayer -- mplayerCertain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.2022-09-15not yet calculatedCVE-2022-38853
MISC
mplayer -- mplayerCertain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.2022-09-15not yet calculatedCVE-2022-38860
MISC
mplayer -- mplayerCertain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.2022-09-15not yet calculatedCVE-2022-38855
MISC
mplayer -- mplayerCertain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.2022-09-15not yet calculatedCVE-2022-38864
MISC
mplayer -- mplayerMplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c.2022-09-15not yet calculatedCVE-2022-38600
MISC
mplayer -- mplayerCertain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.2022-09-15not yet calculatedCVE-2022-38866
MISC
mplayer -- mplayerCertain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.2022-09-15not yet calculatedCVE-2022-38858
MISC
mplayer -- mplayerCertain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.2022-09-15not yet calculatedCVE-2022-38865
MISC
nextcloud -- nextcloud
 
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue.2022-09-15not yet calculatedCVE-2022-36074
MISC
CONFIRM
nextcloud -- nextcloud
 
Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.2022-09-16not yet calculatedCVE-2022-39211
MISC
CONFIRM
MISC
nextcloud -- nextcloud
 
Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or 14.0.4. Users unable to upgrade should select "None" as camera before joining the call.2022-09-17not yet calculatedCVE-2022-39212
CONFIRM
MISC
nextcloud -- files_access_control_app
 
Nextcloud files access control is a nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue2022-09-15not yet calculatedCVE-2022-36075
CONFIRM
MISC
nginx -- njsNginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h2022-09-15not yet calculatedCVE-2022-38890
MISC
ni -- configuration_managerAn improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access.2022-09-16not yet calculatedCVE-2022-35415
MISC
MISC
nikon -- nis-elements_viewerThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15697.2022-09-15not yet calculatedCVE-2022-40663
MISC
nikon -- nis-elements_viewerThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15214.2022-09-15not yet calculatedCVE-2022-40659
MISC
nikon -- nis-elements_viewerThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15134.2022-09-15not yet calculatedCVE-2022-40661
MISC
nikon -- nis-elements_viewerThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15135.2022-09-15not yet calculatedCVE-2022-40660
MISC
nikon -- nis-elements_viewerThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15071.2022-09-15not yet calculatedCVE-2022-40655
MISC
nikon -- nis-elements_viewerThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15351.2022-09-15not yet calculatedCVE-2022-40662
MISC
nikon -- nis-elements_viewerThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15166.2022-09-15not yet calculatedCVE-2022-40658
MISC
nikon -- nis-elements_viewerThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. Crafted data in a PSD file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15073.2022-09-15not yet calculatedCVE-2022-40657
MISC
nikon -- nis-elements_viewerThis vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. Crafted data in a ND2 file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15072.2022-09-15not yet calculatedCVE-2022-40656
MISC
nintendo -- game_boy_colorA vulnerability has been found in Nintendo Game Boy Color and classified as problematic. This vulnerability affects unknown code of the component Mobile Adapter GB. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-208606 is the identifier assigned to this vulnerability.2022-09-14not yet calculatedCVE-2022-3216
N/A
N/A
nlnet_labs -- routinatorIn NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the RPKI data that Routinator provides to routers. This may stop your network from validating route origins based on RPKI data. This vulnerability does not allow an attacker to manipulate RPKI data.2022-09-13not yet calculatedCVE-2022-3029
MISC
nokia -- 1350_optical_management_systemIn NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur in /cgi-bin/R14.2/log.pl via the cmd HTTP GET parameter and /cgi-bin/R14.2/checkping.pl via the addr HTTP GET parameter. This allows authenticated users to execute commands on the operating system.2022-09-13not yet calculatedCVE-2022-39819
MISC
nokia -- 1350_optical_management_systemIn NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter.2022-09-13not yet calculatedCVE-2022-39814
MISC
nokia -- 1350_optical_management_systemIn NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur in /cgi-bin/R14.2/easy1350.pl via the id or host HTTP GET parameter, or /cgi-bin/R14.2/cgi-bin/R14.2/host.pl via the host HTTP GET parameter. Exploitation requires an authenticated attacker.2022-09-13not yet calculatedCVE-2022-39817
MISC
nokia -- 1350_optical_management_systemIn NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext password) occur in /cgi-bin/R14.2/cgi-bin/R14.2/host.pl on the edit configuration page. Exploitation requires an authenticated attacker.2022-09-13not yet calculatedCVE-2022-39816
MISC
nokia -- 1350_optical_management_systemIn NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur in /CGI-BIN/OTNE_1-14/runBatch.cgi via the file HTTP POST parameter, /CGI-BIN/OTNE_1-14/getRadioTLs.cgi via the context HTTP POST parameter, /CGI-BIN/OTNE_1-14/runRouteReport.cgi via the file HTTP POST parameter or /CGI-BIN/RemoteCommandManager.cgi via the command HTTP POST parameter.2022-09-13not yet calculatedCVE-2022-39815
MISC
nokia -- 1350_optical_management_systemIn NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs under /usr/Systems/OTNE_1_14_Master/maintenance/trace/web/.otn.default.log. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.2022-09-13not yet calculatedCVE-2022-39821
MISC
nokia -- fastmileAn issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and (after offline cracking) retrieve the PIN and LTK (long-term key).2022-09-15not yet calculatedCVE-2022-38788
MISC
MISC
oases -- oases
 
OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu.2022-09-16not yet calculatedCVE-2022-40337
MISC
MISC
MISC
oauthlib -- oauthlibOAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.2022-09-09not yet calculatedCVE-2022-36087
MISC
MISC
MISC
CONFIRM
MISC
octopus -- octopus_deployIn affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.2022-09-09not yet calculatedCVE-2022-2528
MISC
omron -- cx-programmerOpening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.2022-09-12not yet calculatedCVE-2022-2979
MISC
onedev -- onedevOnedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the server to check for branch protections during a push event. It is only intended to be accessed from localhost, but the check relies on the X-Forwarded-For header. Invoking this endpoint leads to the execution of one of various git commands. The environment variables of this command execution can be controlled via query parameters. This allows attackers to write to arbitrary files, which can in turn lead to the execution of arbitrary code. Such an attack would be very hard to detect, which increases the potential impact even more. Users are advised to upgrade. There are no known workarounds for this issue.2022-09-13not yet calculatedCVE-2022-39205
MISC
CONFIRM
MISC
onedev -- onedevOnedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same context as the UI without any further restrictions. This leads to Cross-Site Scripting (XSS) when a user creates a build artifact that contains HTML. When accessing the artifact, the content is rendered by the browser, including any JavaScript that it contains. Since all cookies (except for the rememberMe one) do not set the HttpOnly flag, an attacker could steal the session of a victim and use it to impersonate them. To exploit this issue, attackers need to be able to modify the content of artifacts, which usually means they need to be able to modify a project's build spec. The exploitation requires the victim to click on an attacker's link. It can be used to elevate privileges by targeting admins of a OneDev instance. In the worst case, this can lead to arbitrary code execution on the server, because admins can create Server Shell Executors and use them to run any command on the server. This issue has been patched in version 7.3.0. Users are advised to upgrade. There are no known workarounds for this issue.2022-09-13not yet calculatedCVE-2022-39207
CONFIRM
MISC
onedev -- onedevOnedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib.2022-09-14not yet calculatedCVE-2022-38301
MISC
MISC
onedev -- onedevOnedev is an open source, self-hosted Git Server with CI/CD and Kanban. All files in the /opt/onedev/sites/ directory are exposed and can be read by unauthenticated users. This directory contains all projects, including their bare git repos and build artifacts. This file disclosure vulnerability can be used by unauthenticated attackers to leak all project files of any project. Since project IDs are incremental, an attacker could iterate through them and leak all project data. This issue has been resolved in version 7.3.0 and users are advised to upgrade. There are no known workarounds for this issue.2022-09-13not yet calculatedCVE-2022-39208
CONFIRM
MISC
onedev -- onedevOnedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system. This issue allows regular (non-admin) users to potentially take over the build infrastructure of a OneDev instance. Attackers need to have an account (or be able to register one) and need permission to create a project. Since code.onedev.io has the right preconditions for this to be exploited by remote attackers, it could have been used to hijack builds of OneDev itself, e.g. by injecting malware into the docker images that are built and pushed to Docker Hub. The impact is increased by this as described before. Users are advised to upgrade to 7.3.0 or higher. There are no known workarounds for this issue.2022-09-13not yet calculatedCVE-2022-39206
MISC
CONFIRM
online_leave_management_system -- online_leave_management_systemOnline Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php.2022-09-12not yet calculatedCVE-2022-38304
MISC
online_leave_management_system -- online_leave_management_systemOnline Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php.2022-09-12not yet calculatedCVE-2022-38303
MISC
online_leave_management_system -- online_leave_management_systemOnline Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php.2022-09-12not yet calculatedCVE-2022-38302
MISC
open5gs -- open5gsWhen Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without checking the maximum length. If the pdi.local_f_teid.len exceeds the maximum length of the struct of f_teid, the memcpy() overwrites the fields (e.g., f_teid_len) after f_teid in the pdr struct. After parsing the request, the UPF starts to build a response. The f_teid_len with its overwritten value is used as a length for memcpy(). A segmentation fault occurs, as a result of a memcpy(), if this overwritten value is large enough.2022-09-16not yet calculatedCVE-2022-39063
MISC
openam_consortium_edition -- openam_consortium_editionOpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website.2022-09-15not yet calculatedCVE-2022-31735
JVN
CONFIRM
openharmony -- openharmonyOpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.2022-09-09not yet calculatedCVE-2022-38701
MISC
openharmony -- openharmonyOpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service.2022-09-09not yet calculatedCVE-2022-38700
MISC
openharmony -- openharmonyOpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system.2022-09-09not yet calculatedCVE-2022-38081
MISC
openkm -- openkmOpenKM 6.3.11 allows stored XSS related to the javascript&colon; substring in an A element.2022-09-09not yet calculatedCVE-2022-40317
MISC
MISC
pal_electronics_systems -- pal_gatePal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in PalGate device management android client app. Gates of bulidings and parking lots with a simple button in any smartphone. The API was found after a decompiling and static research using Jadx, and a dynamic analasys using Frida. The attacker can iterate over all the IOT devices to see every entry and exit, on every gate and device all over the world, he can also scrape the server and create a user's DB with full names and phone number of over 2.8 million users, and to see all of the users' movement in and out of gates, even in real time.2022-09-13not yet calculatedCVE-2022-36782
MISC
palo_alto_networks -- cortex_xdr_agentAn improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.2022-09-14not yet calculatedCVE-2022-0029
MISC
parse-url -- parse-urlServer-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.2022-09-14not yet calculatedCVE-2022-2900
MISC
CONFIRM
parse-url -- parse-urlMisinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.2022-09-15not yet calculatedCVE-2022-3224
MISC
CONFIRM
pdf_labs -- pdftk-javaPDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java.2022-09-09not yet calculatedCVE-2021-37819
MISC
pds -- vista_7The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application.2022-09-16not yet calculatedCVE-2022-34002
MISC
MISC
pebble_templates -- pebble_templatesPebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok2022-09-12not yet calculatedCVE-2022-37767
MISC
penta_security_systems -- wapplesPenta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables.2022-09-13not yet calculatedCVE-2022-31322
MISC
MISC
penta_security_systems -- wapplesWAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.2022-09-13not yet calculatedCVE-2022-35413
MISC
MISC
MISC
penta_security_systems -- wapplesAn arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request.2022-09-13not yet calculatedCVE-2022-31324
MISC
MISC
penta_security_systems -- wapples
 
Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control.2022-09-13not yet calculatedCVE-2022-35582
MISC
MISC
pimcore -- pimcoreCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.2022-09-15not yet calculatedCVE-2022-3211
CONFIRM
MISC
podman -- podmanAn incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.2022-09-13not yet calculatedCVE-2022-2989
MISC
MISC
primekey -- ejbcaAn issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one or multiple dnsNames. These are validated properly in the ACME challenge. However, if the validation passes, a non-compliant client can include additional dnsNames the CSR sent to the finalize endpoint, resulting in EJBCA issuing a certificate including the identifiers that were not validated. This occurs even if the certificate profile is configured to not allow a DN override by the CSR.2022-09-14not yet calculatedCVE-2022-34831
MISC
MISC
proscend -- multiple_productsPROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=16208143012022-09-13not yet calculatedCVE-2022-36779
MISC
python -- pythonA flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.2022-09-09not yet calculatedCVE-2020-10735
MISC
MISC
MISC
MISC
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
qemu -- qemuA DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.2022-09-13not yet calculatedCVE-2022-2962
MISC
MISC
qsmart_next -- qsmart_nextQsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.2022-09-15not yet calculatedCVE-2022-29649
MISC
MISC
qualcomm -- multiple_productsMemory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-25654
CONFIRM
qualcomm -- multiple_productsInformation disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music2022-09-16not yet calculatedCVE-2022-25690
CONFIRM
qualcomm -- multiple_productsDenial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-25669
CONFIRM
qualcomm -- multiple_productsInformation disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-25653
CONFIRM
qualcomm -- multiple_productsDenial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-25670
CONFIRM
qualcomm -- multiple_productsPossible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-25656
CONFIRM
qualcomm -- multiple_productsMemory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-25688
CONFIRM
qualcomm -- multiple_productsImproper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-22091
CONFIRM
qualcomm -- multiple_productsMemory corruption in audio module due to integer overflow in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-22081
CONFIRM
qualcomm -- multiple_productsMemory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-22089
CONFIRM
qualcomm -- multiple_productsMemory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-09-16not yet calculatedCVE-2022-22092
CONFIRM
qualcomm -- multiple_productsMemory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-22066
CONFIRM
qualcomm -- multiple_productsMemory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-09-16not yet calculatedCVE-2022-22093
CONFIRM
qualcomm -- multiple_productsmemory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-09-16not yet calculatedCVE-2022-22094
CONFIRM
qualcomm -- multiple_productsMemory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile2022-09-16not yet calculatedCVE-2022-22095
CONFIRM
qualcomm -- multiple_productsMemory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile2022-09-16not yet calculatedCVE-2022-25708
CONFIRM
qualcomm -- multiple_productsInformation disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-25706
CONFIRM
qualcomm -- multiple_productsMemory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-25696
CONFIRM
qualcomm -- multiple_productsMemory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile2022-09-16not yet calculatedCVE-2022-25693
CONFIRM
qualcomm -- multiple_productsMemory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-25686
CONFIRM
qualcomm -- multiple_productsMemory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables2022-09-16not yet calculatedCVE-2022-22074
CONFIRM
qualcomm -- multiple_productsMemory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music2022-09-16not yet calculatedCVE-2022-22105
CONFIRM
qualcomm -- snapdragon_wired_infrastructure_and_networkingCryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking2022-09-16not yet calculatedCVE-2022-25652
CONFIRM
rdiffweb -- rdiffwebSensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2.2022-09-13not yet calculatedCVE-2022-3174
CONFIRM
MISC
rdiffweb -- rdiffwebWeak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.2022-09-13not yet calculatedCVE-2022-3179
MISC
CONFIRM
rdiffweb -- rdiffwebMissing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2.2022-09-13not yet calculatedCVE-2022-3175
MISC
CONFIRM
rdiffweb -- rdiffwebCross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.2022-09-17not yet calculatedCVE-2022-3232
CONFIRM
MISC
rdiffweb -- rdiffwebCross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3.2022-09-15not yet calculatedCVE-2022-3221
CONFIRM
MISC
redhat -- ansible_automation_platformAn XSS exists in automation controller UI where the project name is susceptible to XSS injection2022-09-13not yet calculatedCVE-2022-3205
MISC
redhat -- wildflyA flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.2022-09-13not yet calculatedCVE-2022-1278
MISC
safe -- fme_serverSafe Software FME Server v2022.0.1.1 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.2022-09-13not yet calculatedCVE-2022-38342
MISC
MISC
MISC
samsung -- contacts_providerImproper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission.2022-09-09not yet calculatedCVE-2022-36869
MISC
samsung -- editor_liteImproper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information.2022-09-09not yet calculatedCVE-2022-36867
MISC
samsung -- emailImproper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.2022-09-09not yet calculatedCVE-2022-36864
MISC
samsung -- find_my_mobileExposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log.2022-09-09not yet calculatedCVE-2022-36878
MISC
samsung -- galaxy_watch_pluginImproper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.2022-09-09not yet calculatedCVE-2022-36873
MISC
samsung -- group_sharingImproper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.2022-09-09not yet calculatedCVE-2022-36866
MISC
samsung -- group_sharingImproper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information.2022-09-09not yet calculatedCVE-2022-36865
MISC
samsung -- kiesImproper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction.2022-09-09not yet calculatedCVE-2022-39845
MISC
samsung -- membersExposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.2022-09-09not yet calculatedCVE-2022-36877
MISC
samsung -- mtower
 
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.2022-09-16not yet calculatedCVE-2022-40758
MISC
MISC
samsung -- mtower
 
A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.2022-09-16not yet calculatedCVE-2022-40762
MISC
MISC
samsung -- mtower
 
A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.2022-09-16not yet calculatedCVE-2022-40759
MISC
MISC
samsung -- mtower
 
The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.2022-09-16not yet calculatedCVE-2022-40761
MISC
MISC
MISC
samsung -- mtower
 
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.2022-09-16not yet calculatedCVE-2022-40757
MISC
MISC
samsung -- mtower
 
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.2022-09-16not yet calculatedCVE-2022-40760
MISC
MISC
MISC
samsung -- passImproper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.2022-09-09not yet calculatedCVE-2022-36851
MISC
samsung -- passImproper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.2022-09-09not yet calculatedCVE-2022-36876
MISC
samsung -- payPending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.2022-09-09not yet calculatedCVE-2022-36870
MISC
samsung -- payPending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.2022-09-09not yet calculatedCVE-2022-36872
MISC
samsung -- payPending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.2022-09-09not yet calculatedCVE-2022-36871
MISC
samsung -- smart_switch_pcDLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.2022-09-09not yet calculatedCVE-2022-39846
MISC
samsung -- smart_switch_pcImproper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction.2022-09-09not yet calculatedCVE-2022-39844
MISC
samsung -- smarttagpluginImproper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim&#39;s devices.2022-09-09not yet calculatedCVE-2022-36859
MISC
samsung -- water_pluginImproper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number.2022-09-09not yet calculatedCVE-2022-36874
MISC
samsung -- water_pluginImproper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission.2022-09-09not yet calculatedCVE-2022-36875
MISC
sap -- access_control_emergency_access_managementSAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application.2022-09-13not yet calculatedCVE-2022-39801
MISC
MISC
sap -- boe_commentary_database
 
Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application.2022-09-13not yet calculatedCVE-2022-32244
MISC
MISC
sap -- business_oneIn SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.2022-09-13not yet calculatedCVE-2022-35292
MISC
MISC
sap -- businessobjects_business_intelligence_platformUnder certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) - versions 420, 430, exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.2022-09-13not yet calculatedCVE-2022-35295
MISC
MISC
sap -- businessobjects_business_intelligence_platform_central_management_consoleUnder certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.2022-09-13not yet calculatedCVE-2022-39014
MISC
MISC
sap -- fiori_launchpadAn attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.2022-09-13not yet calculatedCVE-2022-39799
MISC
MISC
sap -- netweaver_as_abapAn attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.2022-09-13not yet calculatedCVE-2022-35294
MISC
MISC
sap -- netweaver_enterprise_portalSAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session.2022-09-13not yet calculatedCVE-2022-35298
MISC
MISC
schneider_electric -- ecostruxure_control_expertA CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior).2022-09-13not yet calculatedCVE-2022-37302
MISC
schneider_electric -- multiple_productsA CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).2022-09-12not yet calculatedCVE-2022-37300
MISC
scylla -- scylla
 
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of decompression buffer won't be overwritten, and will be left uninitialized. This can be exploited in several ways, depending on the privileges of the user. 1. The main exploit is that an attacker with access to CQL port, but no user account, can bypass authentication, but only if there are other legitimate clients making connections to the cluster, and they use LZ4. 2. Attacker that already has a user account on the cluster can read parts of uninitialized memory, which can contain things like passwords of other users or fragments of other queries / results, which leads to authorization bypass and sensitive information disclosure. The bug has been patched in the following versions: Scylla Enterprise: 2020.1.14, 2021.1.12, 2022.1.0. Scylla Open Source: 4.6.7, 5.0.3. Users unable to upgrade should make sure none of their drivers connect to cluster using LZ4 compression, and that Scylla CQL port is behind firewall. Additionally make sure no untrusted client can connect to Scylla, by setting up authentication and applying workarounds from previous point (firewall, no lz4 compression).2022-09-15not yet calculatedCVE-2022-29240
CONFIRM
MISC
MISC
shopware -- shopwareShopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.2022-09-12not yet calculatedCVE-2022-36101
MISC
CONFIRM
MISC
MISC
shopware -- shopwareShopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version (5.7.15). Users can get the update via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.2022-09-12not yet calculatedCVE-2022-36102
CONFIRM
MISC
MISC
MISC
shopxian -- shopxian_cmsAn issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnerability that can delete the specified column via index.php/contents-admin_cat-finderdel-model-ContentsCat.html?id=17.2022-09-13not yet calculatedCVE-2022-38329
MISC
MISC
siderolabs -- talos_linuxTalos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR (certificate signing request) Talos control plane node might issue Talos API certificate which allows full access to Talos API on a control plane node. Accessing Talos API with full level access on a control plane node might reveal sensitive information which allows full level access to the cluster (Kubernetes and Talos PKI, etc.). Talos API join token is stored in the machine configuration on the worker node. When configured correctly, Kubernetes workloads don't have access to the machine configuration, but due to a misconfiguration workload might access the machine configuration and reveal the join token. This problem has been fixed in Talos 1.2.2. Enabling the Pod Security Standards mitigates the vulnerability by denying hostPath mounts and host networking by default in the baseline policy. Clusters that don't run untrusted workloads are not affected. Clusters with correct Pod Security configurations which don't allow hostPath mounts, and secure access to cloud metadata server (or machine configuration is not supplied via cloud metadata server) are not affected.2022-09-13not yet calculatedCVE-2022-36103
CONFIRM
MISC
MISC
siemens -- coreshield_one-way_gatewayA vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator.2022-09-13not yet calculatedCVE-2022-38466
MISC
siemens -- mendix_saml_moduleA vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.3.1). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.2022-09-13not yet calculatedCVE-2022-37011
MISC
siemens -- ruggedcom_rosA vulnerability has been identified in RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RS416Pv2 (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < v5.6.0), RUGGEDCOM ROS RST2228 (All versions < v5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < v5.6.0), RUGGEDCOM ROS RST916P (All versions < v5.6.0). Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. This could allow a remote attacker to create a denial of service condition that persists until the attack ends.2022-09-13not yet calculatedCVE-2022-39158
MISC
siemens -- simcenter_femapA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-17276)2022-09-13not yet calculatedCVE-2022-39137
MISC
siemens -- simcenter_femapA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17506)2022-09-13not yet calculatedCVE-2022-39147
MISC
siemens -- simcenter_femapA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17740)2022-09-13not yet calculatedCVE-2022-39152
MISC
siemens -- simcenter_femapA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17736)2022-09-13not yet calculatedCVE-2022-39151
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17292)2022-09-13not yet calculatedCVE-2022-39140
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17289)2022-09-13not yet calculatedCVE-2022-39139
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18188)2022-09-13not yet calculatedCVE-2022-39154
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-17296)2022-09-13not yet calculatedCVE-2022-39141
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18196)2022-09-13not yet calculatedCVE-2022-39156
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17485)2022-09-13not yet calculatedCVE-2022-39142
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17493)2022-09-13not yet calculatedCVE-2022-39143
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17284)2022-09-13not yet calculatedCVE-2022-39138
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17496)2022-09-13not yet calculatedCVE-2022-39145
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17513)2022-09-13not yet calculatedCVE-2022-39148
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18187)2022-09-13not yet calculatedCVE-2022-39153
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17494)2022-09-13not yet calculatedCVE-2022-39144
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17735)2022-09-13not yet calculatedCVE-2022-39150
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18192)2022-09-13not yet calculatedCVE-2022-39155
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17733)2022-09-13not yet calculatedCVE-2022-39149
MISC
siemens -- simcenter_femap_and_parasolidA vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17502)2022-09-13not yet calculatedCVE-2022-39146
MISC
sigstore -- cosign
 
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First a cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature. Second, when providing identity flags, the email and issuer of a certificate is not checked when verifying a Rekor bundle, and the GitHub Actions identity is never checked. Third, providing an invalid Rekor bundle without the experimental flag results in a successful verification. And fourth an invalid transparency log entry will result in immediate success for verification. Details and examples of these issues can be seen in the GHSA-8gw7-4j42-w388 advisory linked. Users are advised to upgrade to 1.12.0. There are no known workarounds for these issues.2022-09-14not yet calculatedCVE-2022-36056
MISC
CONFIRM
simple_online_book_store_system -- simple_online_book_store_systemIn Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS).2022-09-12not yet calculatedCVE-2022-37796
MISC
slims -- senayan_library_management_systemSLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar.2022-09-12not yet calculatedCVE-2022-38291
MISC
slims -- senayan_library_management_systemSLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.2022-09-12not yet calculatedCVE-2022-38292
MISC
smarty -- smartyIn Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.2022-09-15not yet calculatedCVE-2018-25047
MISC
MISC
MISC
MISC
snipe-it -- snipe-itImproper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.2022-09-17not yet calculatedCVE-2022-3173
CONFIRM
MISC
sourcecodester -- news247_news_magazine_(cms)_phpCross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field2022-09-16not yet calculatedCVE-2021-41731
MISC
MISC
MISC
sourcecodester -- school_activity_updates_with_sms_notificationSchool Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=.2022-09-16not yet calculatedCVE-2022-38833
MISC
sourcecodester -- school_activity_updates_with_sms_notificationSchool Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=.2022-09-16not yet calculatedCVE-2022-38878
MISC
sourcecodester -- school_activity_updates_with_sms_notificationSchool Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=.2022-09-16not yet calculatedCVE-2022-38832
MISC
sourcecodester -- storage_unit_rental_management_system_phpA Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form.2022-09-16not yet calculatedCVE-2021-42597
MISC
MISC
stealjs -- stealA Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js.2022-09-15not yet calculatedCVE-2022-37262
MISC
MISC
MISC
stealjs -- stealPrototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.2022-09-15not yet calculatedCVE-2022-37257
MISC
MISC
MISC
MISC
MISC
stealjs -- stealPrototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.2022-09-16not yet calculatedCVE-2022-37258
MISC
MISC
MISC
stealjs -- stealA Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js.2022-09-15not yet calculatedCVE-2022-37260
MISC
MISC
MISC
stealjs -- stealPrototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js.2022-09-15not yet calculatedCVE-2022-37266
MISC
MISC
MISC
stealjs -- stealPrototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.2022-09-15not yet calculatedCVE-2022-37264
MISC
MISC
MISC
syncovery -- syncoveryAn issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.2022-09-16not yet calculatedCVE-2022-36536
MISC
MISC
MISC
syncovery -- syncoverySuper Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the Job_ExecuteBefore and Job_ExecuteAfter parameters at post_profilesettings.php.2022-09-16not yet calculatedCVE-2022-36534
MISC
MISC
MISC
syncovery -- syncoverySuper Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability.2022-09-16not yet calculatedCVE-2022-36533
MISC
MISC
MISC
synel -- eharmonyinsert HTML / js code inside input how to get to the vulnerable input : Workers &gt; worker nickname &gt; inject in this input the code.2022-09-13not yet calculatedCVE-2022-36778
MISC
sysaid -- help_deskSysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258.2022-09-11not yet calculatedCVE-2022-40324
MISC
sysaid -- help_deskSysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579.2022-09-11not yet calculatedCVE-2022-40322
MISC
sysaid -- help_deskSysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.2022-09-11not yet calculatedCVE-2022-40323
MISC
sysaid -- help_deskSysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262.2022-09-11not yet calculatedCVE-2022-40325
MISC
systemd -- systemdA use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.2022-09-09not yet calculatedCVE-2022-2526
MISC
tauri -- tauriTauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.2022-09-15not yet calculatedCVE-2022-39215
MISC
CONFIRM
MISC
MISC
techvill -- paymoneyPayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file.2022-09-14not yet calculatedCVE-2022-37140
MISC
MISC
techvill -- paymoneyPayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the view ticket function.2022-09-14not yet calculatedCVE-2022-37137
MISC
MISC
tenda -- multiple_productsTenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile.2022-09-15not yet calculatedCVE-2022-38325
MISC
tenda -- multiple_productsTenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting.2022-09-15not yet calculatedCVE-2022-38326
MISC
tenda -- rx9_proTenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status.2022-09-16not yet calculatedCVE-2022-38830
MISC
tenda -- rx9_proTenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg.2022-09-16not yet calculatedCVE-2022-38829
MISC
tenda -- rx9_proTenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList2022-09-16not yet calculatedCVE-2022-38831
MISC
tenhot -- router
 
There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.2022-09-15not yet calculatedCVE-2022-37861
MISC
MISC
tesla -- v11.0
 
Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3's Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging access to a legitimate Phone Key.2022-09-16not yet calculatedCVE-2022-37709
MISC
MISC
MISC
tesseract -- tesseractAn issue in the Leptonica linked library (v1.79.0) in Tesseract v5.0.0 allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.2022-09-09not yet calculatedCVE-2022-38266
MISC
testlink -- testlinkTestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.2022-09-16not yet calculatedCVE-2022-35193
MISC
MISC
testlink -- testlinkTestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.2022-09-16not yet calculatedCVE-2022-35194
MISC
MISC
testlink -- testlinkTestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php2022-09-16not yet calculatedCVE-2022-35195
MISC
MISC
thingsboard -- thingsboardCross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs.2022-09-13not yet calculatedCVE-2022-31861
MISC
thinkphp -- thinkphpThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload.2022-09-15not yet calculatedCVE-2022-38352
MISC
torguard -- vpnTorguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges.2022-09-12not yet calculatedCVE-2022-37835
MISC
MISC
totolink -- a7000ruTOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.2022-09-14not yet calculatedCVE-2022-38308
MISC
totolink -- routerTOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.2022-09-15not yet calculatedCVE-2022-38535
MISC
totolink -- routerTOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.2022-09-15not yet calculatedCVE-2022-38534
MISC
totolink -- t6TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi2022-09-16not yet calculatedCVE-2022-38827
MISC
totolink -- t6In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.2022-09-16not yet calculatedCVE-2022-38826
MISC
totolink -- t6In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.2022-09-16not yet calculatedCVE-2022-38823
MISC
totolink -- t6TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi2022-09-16not yet calculatedCVE-2022-38828
MISC
tp-link -- m7350The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.2022-09-12not yet calculatedCVE-2022-37860
MISC
MISC
transtek -- mojodat_fixed_asset_managementThe mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization.2022-09-13not yet calculatedCVE-2022-38768
MISC
MISC
transtek -- mojodat_fixed_asset_managementThe mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request.2022-09-13not yet calculatedCVE-2022-38769
MISC
MISC
transtek -- mojodat_fixed_asset_managementThe mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request.2022-09-13not yet calculatedCVE-2022-38770
MISC
MISC
transtek -- mojodat_fixed_asset_managementThe mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request.2022-09-13not yet calculatedCVE-2022-38771
MISC
MISC
twisted_vnc_authentication_proxy -- twisted_vnc_authentication_proxyOSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server.2022-09-14not yet calculatedCVE-2022-36436
MISC
MISC
MISC
MISC
typo3 -- html_sanitizerThe typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue.2022-09-13not yet calculatedCVE-2022-36020
MISC
CONFIRM
MISC
MISC
typo3 -- typo3TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue.2022-09-13not yet calculatedCVE-2022-36105
CONFIRM
MISC
MISC
typo3 -- typo3TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue.2022-09-13not yet calculatedCVE-2022-36104
CONFIRM
MISC
MISC
typo3 -- typo3TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.2022-09-13not yet calculatedCVE-2022-36108
CONFIRM
MISC
MISC
typo3 -- typo3TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.2022-09-13not yet calculatedCVE-2022-36106
MISC
CONFIRM
MISC
typo3 -- typo3TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.2022-09-13not yet calculatedCVE-2022-36107
CONFIRM
MISC
MISC
ubports -- ubuntu_touchUBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password.2022-09-09not yet calculatedCVE-2022-40297
MISC
ucms -- ucmsUCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.2022-09-12not yet calculatedCVE-2022-38297
MISC
unisharp -- laravel_filemanagerUniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022.2022-09-14not yet calculatedCVE-2022-40734
MISC
unisys -- data_exchange_management_studioUnisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur.2022-09-13not yet calculatedCVE-2022-32555
MISC
MISC
vim -- vimHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.2022-09-17not yet calculatedCVE-2022-3234
MISC
CONFIRM
visam -- vbaseWhen logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials.2022-09-16not yet calculatedCVE-2022-3217
MISC
watchdog -- anti-virusIncorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary.2022-09-16not yet calculatedCVE-2022-38611
MISC
wavlink -- wn531g3The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.2022-09-13not yet calculatedCVE-2022-40623
MISC
wavlink -- wn531g3The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible.2022-09-13not yet calculatedCVE-2022-40622
MISC
wavlink -- wn531g3
 
Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.2022-09-13not yet calculatedCVE-2022-40621
MISC
webobjects -- webobjectsProject Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces.2022-09-14not yet calculatedCVE-2022-37724
MISC
MISC
wireshark -- wiresharkInfinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file2022-09-13not yet calculatedCVE-2022-3190
CONFIRM
MISC
MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation.2022-09-16not yet calculatedCVE-2022-29489
CONFIRM
CONFIRM
wordpress -- wordpressThe Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.2022-09-16not yet calculatedCVE-2022-1194
MISC
wordpress -- wordpressUnauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.2022-09-09not yet calculatedCVE-2022-38067
CONFIRM
CONFIRM
wordpress -- wordpressBroken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.2022-09-12not yet calculatedCVE-2022-38135
CONFIRM
CONFIRM
wordpress -- wordpressMultiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.1.3 at WordPress.2022-09-13not yet calculatedCVE-2022-38139
CONFIRM
CONFIRM
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress.2022-09-09not yet calculatedCVE-2022-37411
CONFIRM
CONFIRM
wordpress -- wordpressServer-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.2022-09-09not yet calculatedCVE-2022-36376
CONFIRM
CONFIRM
wordpress -- wordpressThe Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting2022-09-16not yet calculatedCVE-2022-2655
MISC
wordpress -- wordpressThe WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2022-09-16not yet calculatedCVE-2022-2887
MISC
wordpress -- wordpressThe Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.2022-09-16not yet calculatedCVE-2022-2877
MISC
wordpress -- wordpressThe Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting2022-09-16not yet calculatedCVE-2022-2654
MISC
wordpress -- wordpressThe Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack2022-09-16not yet calculatedCVE-2022-2863
MISC
wordpress -- wordpressThe Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2022-09-16not yet calculatedCVE-2022-2799
MISC
wordpress -- wordpressThe Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data2022-09-16not yet calculatedCVE-2022-2798
MISC
wordpress -- wordpressThe WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2022-09-16not yet calculatedCVE-2022-2737
MISC
wordpress -- wordpressThe WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting2022-09-16not yet calculatedCVE-2022-2669
MISC
wordpress -- wordpress
 
The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.2022-09-16not yet calculatedCVE-2022-2913
MISC
wordpress -- wordpress
 
The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites (SSRF).2022-09-16not yet calculatedCVE-2022-2912
MISC
wordpress -- wordpress
 
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.2022-09-16not yet calculatedCVE-2022-2351
MISC
wordpress -- wordpress
 
The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2022-09-16not yet calculatedCVE-2022-2575
MISC
wordpress -- wordpress
 
The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2022-09-16not yet calculatedCVE-2022-2635
MISC
wso2 -- enterprise_integratorAn issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be possible.2022-09-09not yet calculatedCVE-2022-39810
MISC
wso2 -- enterprise_integratorAn issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks would not be possible.2022-09-09not yet calculatedCVE-2022-39809
MISC
xpdf -- xpdfXPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.2022-09-15not yet calculatedCVE-2022-38334
MISC
xstream -- xstreamThose using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.2022-09-16not yet calculatedCVE-2022-40154
CONFIRM
CONFIRM
xstream -- xstreamThose using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.2022-09-16not yet calculatedCVE-2022-40152
CONFIRM
CONFIRM
xstream -- xstream
 
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.2022-09-16not yet calculatedCVE-2022-40156
CONFIRM
CONFIRM
xstream -- xstream
 
Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.2022-09-16not yet calculatedCVE-2022-40155
CONFIRM
CONFIRM
xstream -- xstream
 
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.2022-09-16not yet calculatedCVE-2022-40153
CONFIRM
CONFIRM
xstream -- xstream
 
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.2022-09-16not yet calculatedCVE-2022-40151
CONFIRM
CONFIRM
yellowfin -- yellowfin_business_intelligenceCross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.2022-09-14not yet calculatedCVE-2020-19587
MISC
MISC
yellowfin -- yellowfin_business_intelligenceIncorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.2022-09-14not yet calculatedCVE-2020-19586
MISC
yimihome -- ywoaywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.2022-09-16not yet calculatedCVE-2022-38808
MISC
zabbix -- zabbixAn unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.2022-09-14not yet calculatedCVE-2022-40626
MISC
FEDORA
zoho -- manageengine_password_manager_proZoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.2022-09-16not yet calculatedCVE-2022-40300
MISC
zoom -- on-premise_meeting_connector_mmrZoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.2022-09-16not yet calculatedCVE-2022-28758
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.