CVE-2022-41767 An issue was found in MediaWiki before 1.35.8, 1.36.x, 1.37.x, and 1.38.x before 1.38.3.
CVE-2021-44856 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1
CVE-2021-38561 The index calculation of golang.org/x/text before 0.3.7 is mishandled, causing an out-of-bounds read in BCP 47 tag parsing.
CVE-2022-37706 Enlightenment before 0.25.4 is setuid root and has a system library function that mishandles pathnames that begin with /dev.
CVE-2022-42898 MIT Kerberos 5 has an integer overflow that may lead to remote code execution on 32-bit platforms.
CVE-2022-45197 Slixmpp before 1.8.3 lacks SSL Certificate hostname validation, which allows an attacker to pose as any server.
CVE-2022-34472 If a PAC URL is set and the server hosting the PAC is not reachable, OCSP requests will be blocked, resulting in incorrect error pages.
CVE-2022-22738 An application could access out of bounds memory and cause a heap buffer overflow. This could be exploited to crash the application.
CVE-2022-22741 Resizing a popup while requesting fullscreen access would make it impossible to leave fullscreen mode.
CVE-2022-22744 The "Copy as curl" feature in DevTools isn't properly escaped for PowerShell. This could lead to command injection in a powershell prompt. This bug affects only Thunderbird for Windows.
CVE-2022-29911 An improper implementation of code>allow-top-navigation-by-user-activation/code> could lead to script execution without code>allow-scripts/code> being present.
CVE-2022-22748 Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program or handling an external URL protocol.
CVE-2022-29909 Documents in deeply-nested cross-origin browsing contexts could have gained the top-level origin's permissions, bypassing the prompt and possibly inheriting the permissions.
CVE-2022-45421 Mozilla developers Andrew McCreight and Gabriele Svelto found memory safety bugs in Thunderbird 102.4.
CVE-2022-38477 Firefox 103 and ESR 102.1 have memory safety bugs.
CVE-2022-45404 An attacker can go fullscreen through popups and code>window.print()/code> calls. This can lead to user confusion or spoofing attacks.
CVE-2022-1529 An attacker could have sent a message to the parent process and used the contents to double-index into a JavaScript object, leading to attacker-controlled JavaScript executing in the privileged parent process.
CVE-2022-42930 If two Workers initialize CacheStorage, a data race could happen in ThirdPartyUtil
CVE-2022-36320 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-28282 Using a link rel="localization"> could lead to a use-after-free and potential exploitable crash.
CVE-2022-2505 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-34482 An attacker could trick a user to drag and drop an image to a filesystem to get an executable filename, which could contain malicious code.
CVE-2022-34478 The ms-msdt, search, and search-ms protocols bring content from browsers to Microsoft applications, avoiding the browser.
CVE-2022-42929 A browser may shut down if a site calls code>window.print()/code>, which may persist beyond browser restart.
CVE-2022-2200 An attacker can corrupt an object prototype to set undesired attributes, which can lead to privileged code execution.
CVE-2022-2226 An OpenPGP digital signature includes the date when the signature was created. When displaying an email with a digital signature, the email's date will be shown.
CVE-2022-22754 An extension could have auto-updated itself and bypassed the prompt which grants it requested permissions.
CVE-2022-36317 An overly long URL can cause a Denial of Service. This only applies to Firefox for Android.
CVE-2022-31740 WASM code could cause a register allocation problem and exploitable crash on arm64.
CVE-2022-28287 Text selection could cause text selection caching to behave incorrectly, causing a crash.
CVE-2022-0566 An attacker can write 1 byte outside of Thunderbird's bounds to exploit this vulnerability.
CVE-2022-38474 A website with microphone access could record audio without notification.
CVE-2022-38472 XSLT error handling can be abused to associate attacker-controlled content with another origin. This could be used to fool the user into submitting data intended for the spoofed origin.
CVE-2022-42927 A same-origin policy violation could have allowed theft of cross-origin URL entries, leaking the result of a redirect.
CVE-2022-34479 A malicious website that shows a popup could take over the address bar and spoof users.
CVE-2022-42928 An annotation missing in some allocated types could have lead to memory corruption and a crash.
CVE-2022-1802 An attacker could have corrupted the methods of an Array object to achieve execution of attacker-controlled code in a privileged context
CVE-2022-34480 An allocated pointer would be freed if one allocation fails.
CVE-2022-29918 Mozillla developers reported memory safety bugs in Firefox 99.
CVE-2022-36318 When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected
CVE-2022-31736 A malicious website could have learned the size of a cross-origin resource.
CVE-2022-3032 An code>iframe/code> element with a code>srcdoc/code> attribute could use remote objects inside the nested document, which were not blocked.
CVE-2022-3033 An HTML email containing a code>meta/code> tag with the code>http-equiv="refresh"> attribute can be used to launch a DNS request and refresh the page. This can be used to launch a phishing attack.
CVE-2022-42931 The password was saved by the Form Manager, not the password manager.
CVE-2022-42932 Memory safety bugs were found in Thunderbird 102.3.
CVE-2022-36319 Overflow and transform can interfere with each other, resulting in unpredictable mouse behavior.
CVE-2022-3034 An code>iframe/code> was specified in an HTML email, but Thunderbird didn't load the document.
CVE-2022-3775 Grub2's font code doesn't validate if the glyph's width and height is in bitmap size.
CVE-2022-20691 The Cisco ATA 190 Series Adaptive Telephone Adapter has a vulnerability that could be exploited to cause a DoS condition.
CVE-2022-20690 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-20686 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-20689 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-20687 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-33186 Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, and earlier versions have a vulnerability that could allow a remote unauthenticated attacker to execute commands on the switch that could disable the switch or modify Zoning.
CVE-2022-41622 BIG-IP and BIG-IQ are vulnerable to CSRF attacks through iControl SOAP.
CVE-2022-4252 SourceCodester Canteen Management System has a vulnerability that is classified as problematic. The manipulation leads to cross site scripting.
CVE-2022-36431 An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code.
CVE-2022-44294 The Sanitization Management System v1.0 is vulnerable to SQL Injection.
CVE-2022-36137 CRM version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS.
CVE-2022-36136 The latest version of the ChurchCRM XSS vulnerabilities allow attackers to store XSS.
CVE-2022-41912 The crewjam/saml go library before version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9.
CVE-2022-39332 Nextcloud desktop sync client with desktop client application, attacker can inject HTML.
CVE-2022-41158 Vulnerable code can be created with cookie values as file paths.
CVE-2022-40282 The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection
CVE-2022-45884 An issue was discovered in the Linux kernel through 6.0.9
CVE-2022-29825 An attacker can access sensitive information using an hard-coded password vulnerability in Mitsubishi Electric GX Works3 versions.
CVE-2022-44255 An overflow in the pre-authentication function of the TOTOLINK LR350 V9.3.5u.6369_B20220309 has been found.
CVE-2020-23591 An attacker can upload files through the " /mgm_dev_upgrade.asp " to delete all files for Denial of Service.
CVE-2022-44806 D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.
CVE-2022-44201 D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
CVE-2022-44187 Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri.
CVE-2022-2513 IEDs are stored in a cleartext form in Hitachi Energy's ConnPack, PCM600 versions below.
CVE-2022-41223 The Director database component of MiVoice Connect through 19.3 could be vulnerable to a code-injection attack.
CVE-2022-41937 The XWiki Platform is a generic wiki platform that offers runtime services for applications built on it. The application allows anyone with view access to modify any page.
CVE-2022-45016 The XSS vulnerability in the WBCE CMS Search Settings module allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-4084 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-4072 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-4077 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-4065 The cbeust testing tool has a critical vulnerability. The file testng-core/src/main/java/org/testng/JarFileUtils.java of the XML File Parser component has a vulnerability.
CVE-2022-4066 An issue was found in the function onion_response_flush of the file src/onion/response.c of the component Log Handler.
CVE-2022-31606 The NVIDIA GPU Display Driver has a vulnerability in the DxgkDdiEscape kernel mode handler that can allow an attacker with user capabilities to crash the system.
CVE-2022-31608 The NVIDIA GPU Display Driver has a vulnerability in D-Bus that a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, or escalation of privilege.
CVE-2022-42698 Unauth
CVE-2021-22141 An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16
CVE-2021-37936 Kibana wasn't sanitizing document fields containing HTML, which allowed attackers to write arbitrary HTML.
CVE-2022-45163 An information disclosure vulnerability exists on NXP devices configured in SDP mode i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, and i.M.
CVE-2021-33621 cgi gem before 0.1.0.2, 0.2.x, and 0.3.x allows HTTP response splitting.
CVE-2022-41880 TensorFlow is an open source machine learning platform. When the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max, a heap oob read occurs.
CVE-2022-41901 TensorFlow is an open source platform for machine learning. An input matrix with rank 0 will fail in "SparseMatrixNNZ"
CVE-2022-41888 TensorFlow is an open source platform for machine learning. When using GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that is not checked >
CVE-2022-41908 TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 string will fail check in tf.raw_ops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645.
CVE-2022-41885 TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor, it overflows and is patched in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce.
CVE-2022-41884 TensorFlow is an open source machine learning platform that can raise an error if a numpy array has a shape of one element with the others summing up to a large number.
CVE-2022-37197 IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.
CVE-2022-41781 Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
CVE-2022-24038 Infraskope Security Event Manager has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed.
CVE-2022-24939 An invalid packet can cause a stack overflow in the ZNet stack.
CVE-2022-43096 Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.
CVE-2022-44577 This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2021-36905 Multiple Auth
CVE-2022-20428 An out of bounds write could lead to local escalation of privilege with System execution privileges.
CVE-2022-45066 Auth
CVE-2022-20427 There is a possible way to corrupt memory and gain System execution privileges in (TBD) of (TBD).
CVE-2022-39178 Webvendome's internal server IP is disclosed in a GET request.
CVE-2022-43457 SQL Injection in Delta Electronics DIAEnergie v1.9.02.001
CVE-2022-43332 An XSS vulnerability in Wondercms v3.3.4 allows attackers to inject arbitrary web script or HTML.
CVE-2022-42903 Zoho SupportCenter Plus allows low-privileged users to view the organization users list.
CVE-2021-31608 Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
CVE-2022-43142 The add-fee.php component has an XSS vulnerability that can execute arbitrary web scripts, HTML files, or other dangerous content.
CVE-2022-41920 Lancet is a library for go that contains useful utility functions. An issue was found with zip fileutil, which is fixed in version 2.1.10 and 1.3.4.
CVE-2022-40751 UCD 6.2.7.0 through 7.2.3.1 may have a bug that allows an admin with "Manage Security" permissions to get files back.
CVE-2022-42892 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-42893 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-43140 The cn.keking.web.controller.OnlinePreviewController has a SSRF vulnerability.
CVE-2022-42985 The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform XSS attacks.
CVE-2022-42954 Keyfactor EJBCA before 7.10.0 allows XSS.
CVE-2022-42982 NtripCaster 2.0.39 allows querying information over UDP without authentication. The NTRIP sourcetable is typically tens of kBs and can be requested with a packet of 30 bytes.
CVE-2022-40881 SolarWinds IoT Device Management contains a command injection vulnerability.
CVE-2021-38819 An SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through the "id" parameter.
CVE-2022-43781 An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system.
CVE-2022-42960 EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 has DOM XSS due to improper validation of message events to accessibility.js
CVE-2022-44005 BACKCLICK Professional 5.9.63 has a vulnerability that can reveal subscribers' e-mail addresses if the newsletter sign-up functionality uses consecutive IDs.
CVE-2022-44002 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-43999 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-44007 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-39318 FreeRDP is a library for remote desktop protocol and clients, but affected versions don't have input validation. A malicious server can trick a client to crash with a division by zero.
CVE-2022-41877 FreeRDP is a library for remote desktop protocol, affected versions have input length validation in `drive` channel missing.
CVE-2022-39320 FreeRDP is a library for remote desktop protocol and clients. An affected version may attempt integer addition on too narrow types and allocate a buffer too small holding the data written.
CVE-2022-39383 KubeVela is an application delivery platform. Users using the VelaUX API could be affected by this vulnerability.
CVE-2022-44069 Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.
CVE-2022-43262 The Human Resource Management System v1.0 had a SQL injection vulnerability in the password parameter.
CVE-2022-4018 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6
CVE-2022-41917 OpenSearch is a community-driven open source fork of Elasticsearch and Kibana that allows users to specify a local file.
CVE-2022-3920 Consul and Consul Enterprise 1.13.0 to 1.13.3 do not filter out nodes and services that are used for the UI.
CVE-2022-41918 OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana
CVE-2022-29276 AhciBusDxe has SMI vulnerabilities, which lead to SMRAM corruption. This was discovered by Insyde during security review.
CVE-2022-4006 A vulnerability in WBCE CMS is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler.
CVE-2022-30768 Stored XSS flaw in ZoneMinder 1.36.12 allows Admin users to execute arbitrary HTML or JavaScript when they logout.
CVE-2022-38201 Esri Portal for ArcGIS Quick Capture Web Designer has an unvalidated redirect vulnerability.
CVE-2022-30771 The initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions.
CVE-2022-38385 The IBM Cloud Pak for Security 1.10.0.0 through 1.10.2.0 could be exploited by an authenticated user to obtain sensitive information or perform unauthorized actions.
CVE-2022-42785 Multiple W&T products of the ComServer Series are prone to an authentication bypass
CVE-2022-20940 An vulnerability in Cisco Firepower Threat Defense could allow an attacker to gain access to sensitive information.
CVE-2022-20839 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-20935 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-20949 The management web server of Cisco Firepower Threat Defense could be exploited by an authenticated, remote attacker with high privileges.
CVE-2022-20943 Multiple vulnerabilities in the SMB2 processor of the Snort detection engine could allow an unauthenticated, remote attacker to bypass the configured policies or cause a DoS.
CVE-2022-29275 Untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering and lead to escalation of privileges. This issue was discovered by Insyde during security review.
CVE-2022-20941 The web-based management interface of Cisco Firepower could be vulnerable to an unauthenticated, remote attacker who could access sensitive information.
CVE-2022-45387 The Jenkins BART Plugin 1.0.3 and earlier does not escape the content of build logs before rendering it on the UI, resulting in a XSS vulnerability.
CVE-2022-45380 Jenkins JUnit Plugin converted HTTP(S) URLs to clickable links which were unsafe, resulting in a XSS vulnerability that is exploitable by attackers with Item/Configure permission.
CVE-2022-45391 Jenkins NS-ND Integration Performance Plugin 4.8.0.143 and earlier disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
CVE-2022-45382 Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds, resulting in a stored XSS vulnerabi l. This can be exploited by attackers who can edit build display name.
CVE-2022-45399 An permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CVE-2022-45390 An error in the Jenkins loader.io plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-45394 An attacker with Item/Read permission can delete build logs.
CVE-2022-27895 Foundry was vulnerable to log files being captured due to an issue in earlier versions.
CVE-2022-42001 BlueSpiceBookshelf extension allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-3958 BlueSpiceUserSidebar extension has XSS flaw that allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-41814 BlueSpiceFoundation extension allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
CVE-2022-42000 BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
CVE-2022-3895 UI components aren't sanitizing output and are prone to XSS.
CVE-2022-41611 An XSS vulnerability in the BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML.
CVE-2022-3480 An attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending more unauthenticated HTTPS connections from different source IP's.
CVE-2022-33237 Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold
CVE-2022-25742 Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server.
CVE-2022-25674 Cryptographic issues in WPA/WPA2 group key handshake in Snapdragon Consumer, Industrial, and Voice & Music.
CVE-2022-25667 The Snapdragon Wired Infrastructure and Networking component handles ICMP requests improperly, which exposes information disclosure.
CVE-2022-42053 An AC1200 router was found to have a command injection vulnerability in the setPortMapping function.
CVE-2022-41395 An AC1200 router with a command injection vulnerability was discovered. The vulnerable function is setDMZ.
CVE-2022-42058 The Tenda AC1200 router model W15Ev2 V15.11.0.10(1576) had a stack overflow vulnerability.
CVE-2022-40844 An issue with Tenda's W15Ev2 AC1200 router's applications' filtering tab allows an attacker to execute JavaScript code via the URL.
CVE-2022-41396 An AC 1200 W15Ev2 router was found to have multiple command injection vulnerabilities in the function setIPsecTunnelList.
CVE-2022-42129 An IDOR vulnerability in the Liferay Portal DXP and 7.3-7.4 modules allows remote attackers to view and access form entries.
CVE-2022-42111 An XSS vulnerability in Liferay Portal's user notification module allows attackers to inject arbitrary web script or HTML.
CVE-2022-42126 The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8 and 7.4 before update 29 doesn't properly check permissions, which allows remote attackers to view asset libraries.
CVE-2022-33906 DMA transactions that are used by FwBlockServiceSmm software SMI handler could cause SMRAM corruption.
CVE-2022-33983 DMA transactions used for NvmExpressLegacy software could cause SMRAM corruption.
CVE-2022-33986 DMA attacks on the SMI handler's parameter buffer could lead to a TOCTOU attack.
CVE-2022-33909 DMA transactions used by the HddPassword software SMI handler could cause SMRAM corruption.
CVE-2022-33982 DMA attacks on the Int15ServiceSmm parameter buffer could lead to a TOCTOU attack on the SMI handler and lead to SMRAM corruption.
CVE-2022-43690 In CMS below 8.5.10, the legacy_salt function was not compared strictly, allowing authentication bypass if used.
CVE-2022-43030 An RCE vulnerability was found in SIYUCMS, a content management system.
CVE-2022-40903 Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 doesn't mitigate failed access attempts, which allows attackers to gain admin privileges.
CVE-2022-40735 The Diffie-Hellman Key Agreement Protocol allows use of long exponents that can be expensive when using short exponents.
CVE-2022-43968 Reflected XSS was found in 9.0.0-9.1.2 versions of Concrete CMS below 8.5.10 and between dashboard icons.
CVE-2022-43686 In Concrete CMS, the authTypeConcreteCookieMap table can be filled up causing a denial of service.
CVE-2022-43294 Tasmota was found to have a stack overflow in ClientPortPtr at lib/libesp32/rtsp/CRtspSession.cpp.
CVE-2022-3362 Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.
CVE-2022-43295 XPDF v4.04 had a stack overflow vulnerability in the function FileStream::copy().
CVE-2022-37109 Camp Fuller is vulnerable to Incorrect Access Control.
CVE-2022-41913 Discourse-calendar adds calendar functionality to the first post of a topic.
CVE-2022-44390 An XSS vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-34320 IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow attackers to decrypt sensitive information.
CVE-2022-44389 EyouCMS V1.5.9-UTF8-SP1 was found to have a Cross Site Request Forgery vulnerability in the Edit Admin Profile module.
CVE-2022-43694 CMS below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS due to un-sanitized output.
CVE-2022-34313 IBM CICS TX 11.1 doesn't set the secure attribute on authorization tokens or session cookies. This makes it easier for attackers to get the cookie values or send a http:// link to a user and plant the link.
CVE-2022-43342 An XSS vulnerability in Eramba GRC Software c2.8.1's Add function allows attackers to inject arbitrary web scripts or HTML.
CVE-2022-3469 The WP Attachments plugin before 5.0.5 has an unsafe setting that could allow high-privilege users to do Stored Cross-site Scripting.
CVE-2022-3484 The WPB Show Core plugin through TODO does not sanitise and escape a parameter, which can lead to Reflected Cross-Site Scripting.
CVE-2022-45183 Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID.
CVE-2022-3979 NagVis up to 1.9.33 is vulnerable to a problem in the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. This could lead to an authentication bypass.
CVE-2022-3978 A vulnerability was found in NodeBB up to 2.5.7, which can be exploited to make remote requests forgery.
CVE-2022-3976 An exploit has been found in MZ Automation 1.4 and classified as critical. This vulnerability affects MMS File Services.
CVE-2022-3975 A vulnerability in NukeViet CMS's Data URL Handler is the function filterAttr. It's affected by the issue.
CVE-2022-3974 A critical vulnerability was found in Axiomatic Bento4. The affected function is AP4_StdcFileByteStream::ReadPartial of the mp4info component.
CVE-2022-3965 An issue was found in ffmpeg's smc_encode_stream function. This vulnerability affects the QuickTime Graphics Video Encoder component.
CVE-2022-3963 An issue was found in gnuboard5, a component of FAQ Key ID Handler. The fm_id argument can be manipulated to perform a cross-site scripting attack.
CVE-2022-45196 An attacker can cause a denial of service by sending a crafted Fabric 2.3 channel tx with the same name.
CVE-2022-45195 The key derivation function in SimpleXMQ before 3.4.0 is not applied to data, which can impact forward secrecy and if there is a compromise of a single private key.
CVE-2022-38651 An attacker can exploit a security filter misconfiguration in VMware Hyperic Server 5.8.6 to bypass authentication requirements.
CVE-2022-41339 In MDM Plus, user privileges can be escalated.
CVE-2022-41905 WebDAV server WSGI is vulnerable to XSS attacks, which has been patched in version 4.1.0.
CVE-2022-45182 Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.
CVE-2022-41906 OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc.
CVE-2021-33164 An improper BIOS access control may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-29486 The Intel Hyperscan library had buffer restrictions that could be abused by an unauthenticated user. This could lead to privilege escalation.
CVE-2022-27499 The Intel(R) SGX SDK premature release may allow a privileged user to potentially enable information disclosure.
CVE-2022-33176 In BIOS firmware for some Intel NUC 11 Performance kits and mini PCs, improper input validation may allow a privileged user to enable escalation of privilege via local access.
CVE-2021-33159 An improper authentication in subsystem may allow privilege escalation.
CVE-2022-26508 Inauthentic authentication in the SDP Tool may allow disclosure of information via network access.
CVE-2022-30548 An attacker can control a local search path element to escalate privilege.
CVE-2022-29515 Memory release in Intel SPS firmware may be exploited to cause denial of service.
CVE-2021-33064 An uncontrolled search path in the software installer for Intel System Studio may allow for privilege escalation.
CVE-2022-26367 Buffer restrictions in Intel XMM 7560 modem software before M2_7560_R_01.2146.00 may allow a privileged user to enable escalation of privilege via local access.
CVE-2021-0185 In early Intel Server Board M10JNP Family firmware, improper input validation may allow a privileged user to enable an escalation of privilege.
CVE-2022-42460 An access control vulnerability in the Traffic Manager plugin = 1.4.5 on WordPress allows for XSS.
CVE-2022-40981 Remote Access Server 4.5.0 and earlier is vulnerable to malicious file upload.
CVE-2022-3703 The ETIC Telecom RAS 4.5.0 and earlier is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and privilege escalation.
CVE-2022-41879 Parse Server is an open source backend that runs on Node.js.
CVE-2022-43679 OwnCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless.
CVE-2022-39393 Wasmtime is a standalone runtime for WebAssembly
CVE-2022-39392 Wasmtime's pooling allocator has a bug when the allocator is configured to give WebAssembly instances 0 pages of memory.
CVE-2022-36022 Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM
CVE-2021-40226 xpdfreader 4.03 is vulnerable to Buffer Overflow.
CVE-2022-45063 In older versions of tmux, there was a font operation vulnerability that allowed command execution. This is no longer the case.
CVE-2022-39037 Agentflow BPM file download function has a path traversal vulnerability
CVE-2022-39038 Agentflow BPM enterprise management system has improper authentication
CVE-2022-42786 Multiple W&T Products of the ComServer Series are prone to an XSS attack
CVE-2022-39307 Grafana is an open-source monitoring platform. The password forgotten page sends a POST request to the /api/user/password/sent-reset-email URL.
CVE-2022-3486 An open redirect vulnerability in GitLab EE/CE older than 15.3.5, 15.4.4, and 15.5.2 allows attackers to redirect users to an arbitrary location if they trust the URL.
CVE-2022-39890 In Samsung Billing 5.0.56.0, improper authorization allows attacker to get sensitive information.
CVE-2022-39887 An access control vulnerability in MiscPolicy prior to SMR Nov-2022 Release 1 allows a local attacker to configure EDM settings.
CVE-2022-39881 In-bound SIB12 PDU can be read out of bounds memory in Exynos modems prior to SMR Sep-2022 release.
CVE-2022-41047 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-44550 The graphics display module has a UAF vulnerability when traversing graphic layers
CVE-2022-31685 VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability
CVE-2022-29836 In 2018, a Path Traversal vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices. This could allow attackers to abuse certain parameters to access the device's files.
CVE-2022-27674 An attacker may be able to bypass bounds checks and crash the Windows kernel, resulting in denial of service.
CVE-2022-44552 The lock screen module has defects introduced in the design process
CVE-2022-31687 VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability
CVE-2022-31688 Assist prior to 22.10 contains a Reflected XSS vulnerability.
CVE-2022-27673 Inadequate access controls in the AMD Link Android app may result in information disclosure.
CVE-2022-44560 The launcher module has an Intent redirection vulnerability
CVE-2022-44561 The preset launcher module has a permission verification vulnerability
CVE-2022-25932 InHand Networks InRouter302 V3.5.45 fixes TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete
CVE-2021-34569 In WAGO I/O-Check Service, an attacker can crash the diagnostic tool and write memory.
CVE-2021-34566 An attacker can send a malicious packet to crash the iocheck process and write memory to DoS WAGO I/O-Check Service.
CVE-2021-34568 In WAGO I/O-Check Service, an unauthenticated remote attacker can send a packet to cause a denial of service.
CVE-2021-34567 WAGO I/O-Check Service can be abused to send malicious packets and provoke a denial of service and an out-of-bounds read.
CVE-2022-43119 An XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43118 An XSS vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43320 FeehiCMS v2.1.1 has a reflected XSS vulnerability via the id parameter.
CVE-2022-39328 Grafana is an open-source platform for monitoring and observability
CVE-2022-41214 An attacker with high privileges can delete a file which is otherwise restricted.
CVE-2022-3821 An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c
CVE-2022-20462 phNxpNciHal has an out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2021-1050 In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-32618 In typec, there is a possible out-of-bounds write due to an incorrect calculation of buffer size, which could lead to local escalation of privilege, with no additional execution privileges needed.
CVE-2022-26446 Modem 4G RRC has a possible system crash due to improper input validation. This could lead to remote denial of service.
CVE-2022-33322 Mitsubishi Electric products contain cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform a MITM attack and inject malicious script codes.
CVE-2022-44320 PicoC Version 3.2.2 had a buffer overflow in ExpressionCoerceFP in expression.c when called from ExpressionParseFunctionCall.
CVE-2022-44316 PicoC 3.2.2 had a buffer overflow in the LexGetStringConstant function when called from LexScanGetToken.
CVE-2022-44314 PicoC 3.2.2 had a buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-44315 PicoC Version 3.2.2 had a heap buffer overflow in ExpressionAssign when called from ExpressionParseFunctionCall.
CVE-2022-44318 PicoC Version 3.2.2 had a buffer overflow in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-41432 The EyesOfNetwork web interface had a reflected XSS vulnerability.
CVE-2022-41433 The EyesOfNetwork Web Interface v5.3 had a reflected XSS vulnerability.
CVE-2022-41434 The EyesOfNetwork Web Interface v5.3 has an XSS vulnerability.
CVE-2022-43359 Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c had an out-of-bounds read in the function read_image_data.
CVE-2022-3878 A critical vulnerability has been found in Maxon ERP. Manipulation of the argument tb_search leads to sql injection.
CVE-2022-43319 An information disclosure vulnerability in the component vcs/downloadFiles.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.
CVE-2022-44050
CVE-2022-44048 The d8s-urls for python included a backdoor inserted by a third party. This is the democritus-domains package.
CVE-2022-44797 For older versions of lnd and other Bitcoin-related products, forgets to check witness size.
CVE-2022-44795 Object First 1.0.7.712 has a Web Service flaw that could lead to local information disclosure. The command that creates the support bundle's URL uses an insecure RNG.
CVE-2022-44796 Object First's authorization service has a flow that allows getting access to the Web UI without knowing credentials.
CVE-2022-44792 Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to crash the instance.
CVE-2022-44793 Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash.
CVE-2022-42905 WOLFSSL before 5.5.2 had a potential buffer over-read issue if callback functions were enabled.
CVE-2022-37710 Dental Eaglesoft 21 has AES-256 encryption with key backup/retrieval or DbEncryptKeyPrimary > Encryption Key.
CVE-2022-44544 Ghostscript could potentially be exploited to trigger a remote shell. This is the case if the site is running on Ubuntu and the flag -dSAFER isn't set.
CVE-2022-42707 Mahara 21.04, 21.10, 22.04, and 22.10 has embedded images accessible without a sufficient permission check if certain conditions are met.
CVE-2022-38660 HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability
CVE-2022-41669 An improper verification of cryptographic signature vulnerability exists in the SGIUtility component. This could lead to the execution of malicious code if a malicious DLL is loaded.
CVE-2022-41667 An adversary with local user privileges can load a malicious DLL to execute malicious code. This is a CWE-22 vulnerability.
CVE-2022-42749 An attacker in the 'page' of the 'ajax.php' resource can steal cookies of other users.
CVE-2022-42746 The 3.0.0 version of the CandidATS API allows an attacker to steal cookies of arbitrary users.
CVE-2022-42743 deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object
CVE-2022-44624 In JetBrains TeamCity before 2022.10, password parameters with special characters could be exposed in the build log.
CVE-2022-43102 Tenda AC23 V16.03.07.45_cn had a stack overflow vulnerability that could be exploited via the timeZone parameter in fromSetSysTime.
CVE-2022-41435 An open source router's SSH keys vulnerability contains XSS.
CVE-2021-46853 Before 2.25, an attack on LIST or LSUB can cause a denial of service.
CVE-2022-24936 GBL parser out-of-bounds error allows attacker to overwrite flash Sign key and OTA decryption key.
CVE-2022-39353 Xmldom is a standard-based XML DOM parser and serializer module.
CVE-2022-43239 Discovered that the Lide265 v1.0.8 had a heap buffer overflow vulnerability.
CVE-2022-38380 An access control vulnerability in FortiOS 7.2 and earlier may allow a remote read-only user to modify the interface settings via the API.
CVE-2022-26122 FortiGate versions prior to 6.4.274 and FortiClient, FortiMail may have insufficient data authenticity verification, which may allow attackers to bypass the AV engine.
CVE-2022-3808 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-42312 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42311 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42318 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2020-36605 Inappropriate default permissions allow attackers to run malicious code on the Hitachi AI Analytics Advisor, Ops Center Analyzer, and Ops Center Viewpoint components.
CVE-2022-39018 PDFtron data in M-Files Hubshare before 3.3.11.3 was accessed by unauthenticated attackers if they know the URL.
CVE-2022-40294 An application was found to have a CSV injection vulnerability, allowing malicious code to be embedded in exported data.
CVE-2022-40289 The application was vulnerable to Stored XSS and could be used to escalate privileges or compromise accounts.
CVE-2022-39016 Injection in PDFtron allows attackers to takeover user account.
CVE-2020-23255 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-41688 SEI's Device Master versions 00.00.01a and earlier lack proper authentication for user group functions.
CVE-2022-31692 An earlier version of Spring Security was vulnerable to authorization rule bypass. END>
CVE-2022-41629 The 00.00.01a versions of the Device Master from DEI allow unauthenticated users to access the endpoint, which could allow an attacker to retrieve any file from the "RunningConfigs" directory.
CVE-2022-3770 An critical vulnerability was found in Yunjing CMS. The file /index/user/upload_img.html can be manipulated to upload files without restrictions. The attack can be initiated remotely.
CVE-2022-40617 The strongSwan revocation plugin can be compromised when an attacker sends a crafted end-entity certificate that contains a CRL/OCSP URL pointing to a controlled server.
CVE-2022-3755 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-2826 An issue has been discovered in GitLab starting from 10.0 before 12.9.8, 12.10 before 12.10.7, 13.0 before 13.0.1.
CVE-2022-41648 The HEROS 5.08.3 controller is vulnerable to improper authentication, which may allow an attacker to deny service to the production line or steal sensitive data.
CVE-2022-43165 An XSS vulnerability in the Global Variables feature of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-39367 The QTIWorks Engine allows users to upload content packages as ZIP files before version 1.0-beta15.
CVE-2022-37426 File upload with OpenNebula's core on Linux can be disabled by injection of harmful file content.
CVE-2022-3697 amazon.aws flaw: amazon.aws uses tower_callback parameter from amazon.aws.ec2_instance module when using amazon.aws collection.
CVE-2022-2882 An issue has been found in GitLab CE/EE prior to 15.3.4, 15.4.1, and 12.6.5.1.
CVE-2022-3730 A critical vulnerability was found in seccome Ehoney. The manipulated Payload argument leads to sql injection.
CVE-2022-3725 An OPUS protocol crash in Wireshark 3.6.0 to 3.6.8 allows denial of service.
CVE-2022-40184 JavaScript code in the video jet multi 4000 web interface is not being filtered properly, allowing an attacker with admin credentials to store code and execute it for all admins.
CVE-2021-45476 Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.
CVE-2022-3705 An issue was found in vim's qf_update_buffer function, which is used for the quickfix autocmd handler. This vulnerability allows for use after free.
CVE-2022-39286 Jupyter Core is a package for core common functionality of Jupyter projects. Jupyter Core contains an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in CWD.
CVE-2022-20933 The vulnerability in Cisco AnyConnect VPN server could cause a DoS on an affected device.
CVE-2022-20954 Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could be vulnerable to path traversal, sensitive data viewing, and write arbitrary files attacks.
CVE-2022-43749 In Synology Presto File Server before 2.1.2-1601, improper privilege management can be bypassed via unspecified vectors.
CVE-2022-33182 Brocade Fabric OS CLI privilege escalation vulnerability could let a local user escalate their privileges to root using 'supportlink' and 'firmwaredownload' commands.
CVE-2022-38181 An Arm product family through 2022. GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory.
CVE-2022-27912 An issue was discovered in Joomla! 4.0.0 through 4.2.3
CVE-2022-31468 An attacker can XSS the OX App Suite through 8.2 when a client uses the len or off parameter.
CVE-2022-39322 @keystone-6/core is a core package for Keystone 6, a content management system for Node.js
CVE-2022-35876 There are 3 format string vulnerabilities in the XCMD testWifiAP functionality of the Abode Systems, Inc. iota All-In-One Security Kit.
CVE-2022-34845 An update vulnerability exists in Robustel R1510's sysupgrade functionality. A specially crafted packet can lead to arbitrary firmware update.
CVE-2022-39836 COVESA dlt-daemon through 2.18.8 has a file parser bug that can be exploited to crash the process.
CVE-2022-39342 OpenFGA is an authorization/permission engine. Versions prior to v0.2.4 are vulnerable to authorization bypass under certain conditions
CVE-2022-33204 Abode Systems Inc. iota All-In-One Security Kit 6.9X and 6.9Z has 2 command injection vulnerabilities. An attacker can execute commands on the system
CVE-2022-3391 The Retain Live Chat plugin doesn't sanitise its settings, which could allow high privilege users to perform stored XSS attacks.
CVE-2022-39349 The Tasks.org app uses the ShareLinkActivity to handle to-do lists and reminders.
CVE-2022-35268 Web_server hashFirst vulnerability can lead to denial of service.
CVE-2021-26729 Injection and buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allows attacker to execute arbitrary code with server user privileges.
CVE-2021-45925 An attacker can guess legitimate user names registered in the BMC.
CVE-2021-26727 Injection flaws in SubNet_handler_func allow attacker to execute code with root privileges.
CVE-2021-26733 The FirstReset_handler_func function in spx_restservice has a broken access control vulnerability that allows an attacker to send reboot commands and cause a DoS.
CVE-2022-40690 An attacker can inject arbitrary scripts in BookStack versions prior to v22.09.
CVE-2021-42010 Heron versions 0.20.4 incubated with CRLF injection vulnerability.
CVE-2022-39313 Parse Server is an open source backend that runs on Node.js.
CVE-2021-44467 An access control vulnerability in spx_restservice's KillDupUsr_func function allows an attacker to terminate active sessions of other users. This causes a DoS condition.
CVE-2021-44769 An input validation vulnerability in TLS certificate generation can cause a DoS condition. This is mitigated by a factory reset.
CVE-2022-43677 In free5GC 3.2.1, an index-out-of-range panic in aper.GetBitString can crash the AMF and NGAP decoders.
CVE-2020-5355 Dell Isilon versions 8.2.2 and earlier SSHD process improperly allows TCP and stream forwarding.
CVE-2022-34438 Dell PowerScale OneFS versions 8.2.x-9.4.0 contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to system compromise.
CVE-2022-31239 Dell PowerScale OneFS versions 9.0.0 to 9.1.0.19, 9.2.1.12, and 9.3.0.6 have a sensitive data in log files vulnerability.
CVE-2022-34437 Dell PowerScale OneFS versions 8.2.2-9.3 have an OS command injection vulnerability that a malicious local user can exploit to compromise the system.
CVE-2022-3646 A vulnerability was found in the Linux kernel, which affects the function nilfs_attach_log_writer of BPF component. The manipulation leads to memory leak.
CVE-2022-1070 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-1066 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-3627 libTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service.
CVE-2022-3642 A vulnerability in the Linux Kernel affects the function rtl8188f_spur_calibration of the Wireless component.
CVE-2022-42944 Malicious .dwf or .pct file could lead to memory corruption vulnerability by read access violation.
CVE-2022-3639 A DOS vulnerability was discovered in GitLab CE/EE affecting versions 10.8-15.3.
CVE-2022-3626 LibTIFF 4.4.0 has a buffer overflow in _TIFFmemset that can be exploited by attackers to cause a denial-of-service.
CVE-2022-3599 LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection, which can be used to cause a denial-of-service.
CVE-2022-3598 Script in LibTIFF 4.4.0 has an out-of-bounds write, allowing attackers to cause a denial-of-service.
CVE-2022-3570 In libtiff library 4.4.0, heap buffer overflows could lead to application crash, potential information disclosure.
CVE-2022-3597 LibTIFF 4.4.0 has a buffer overflow in _TIFFmemcpy that can be used to cause a denial of service. Attackers can exploit this vulnerability to cause a DoS.
CVE-2022-1059 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-43400 V2022 R2 has a vulnerability. V22.2a>
CVE-2022-3633 A problem with the function j1939_session_destroy of the IPsec component net/can/j1939/transport.c leads to a memory leak.
CVE-2021-42553 An attacker can exploit a buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics to execute arbitrary code.
CVE-2022-3629 A vulnerability was found in the IPsec component of Linux Kernel. It's been declared as problematic due to memory leak.
CVE-2022-3630 A vulnerability was found in IPsec that leads to memory leak.
CVE-2022-37454 Keccak XKCP SHA3 has an integer overflow and buffer overflow that allows attackers to execute arbitrary code or eliminate cryptographic properties.
CVE-2022-3624 An issue with the IPsec function rlb_arp_xmit was found and is considered problematic. The vulnerability causes a memory leak.
CVE-2022-36958 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-36957 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-39823 An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10
CVE-2022-37453 An issue was discovered in Softing OPC UA C++ SDK before 6.10
CVE-2022-36966 Node Management users had access to all nodes due to an Insufficient control on URL parameter causing IDOR vulnerability in SolarWinds Platform.
CVE-2022-3620 Vulnerability in Exim was found, it's a dmarc_dns_lookup issue. Remote attack is possible.
CVE-2022-3621 A vulnerability was found in the Linux kernel. It is considered problematic due to the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode. The manipulation leads to a null pointer dereference.
CVE-2022-3623 A vulnerability was found in the Linux Kernel. It is problematic due to a race condition.
CVE-2022-42344 Adobe Commerce versions 2.4.3-p2, 2.3.7-p3, and 2.4.4 are affected by a validation vulnerability.
CVE-2022-2069 The APDFL.dll in Siemens JT2Go V13.3.0.5 and Siemens Teamcenter Visualization V14.0.0.2 contains a heap-based write that wrote past the buffer.
CVE-2022-3577 An out-of-bounds memory write flaw was found in the Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-42233 Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.
CVE-2022-42176 Hard-coded admin panel access in PCTechSoft PCSecure V5.0.8.xw using use of Hard-coded Credentials.
CVE-2022-42200 The Exam Reviewer Management System v1.0 is vulnerable to Stored XSS.
CVE-2022-42198 The User List function suffers from insecure file upload in Simple Exam Reviewer Management System v1.0.
CVE-2022-26954 Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow attackers to conduct phishing attacks. The ChangePassword function is affected.
CVE-2022-37298 Shinken Monitoring 2.4.3 is vulnerable to Incorrect Access Control.
CVE-2022-37598 Prototype pollution vulnerability in ast.js with the name variable in UglifyJS 3.13.2.
CVE-2021-33231 EasyVista Service Manager 2018.1.181.1 has an XSS vulnerability that allows attackers to run arbitrary code.
CVE-2022-27624 A memory buffer vulnerability affects OOB Management packet decryption.
CVE-2022-27626 Vulnerability found in session processing of OOB management.
CVE-2022-27625 An issue with memory buffer operations, OOB Management, is found.
CVE-2022-3327 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6
CVE-2022-41806 An undisclosed request can cause an increase in memory resource utilization when BIG-IP AFM Network Address Translation with IPv6/IPv4 translation rules is configured on a virtual server.
CVE-2022-41813 Traffic Management Microkernel (TMM) can terminate when a certain input is provided to PEM or AFM module in certain versions of BIG-IP.
CVE-2022-38107 Sensitive information could be displayed when a detailed technical error message is posted
CVE-2022-41624 Unclosed traffic can cause an increase in memory resou END> The BIG-IP versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x have undisclosed traffic that can cause an increase in memory resou.
CVE-2022-41694 An SSL key was imported on a BIG-IP or BIG-IQ system, but undisclosed input was used. This could lead to a security vulnerability.
CVE-2022-41836 An 'Attack Signature False Positive Mode' on a virtual server can cause the bd process to terminate.
CVE-2022-41691 When a BIG-IP Advanced WAF/ASM security policy is configured, undisclosed requests can cause the bd process to terminate.
CVE-2022-31684 Reactor Netty HTTP Server may log request headers in some cases of invalid HTTP requests. This may reveal valid access tokens to those with access to server logs.
CVE-2022-41833 An iRule containing the HTTP::collect command can cause TMM to terminate.
CVE-2022-41983 Hardware platforms on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and 13.1.x can have undisclosed conditions when Intel QAT and AES-GCM/CCM are used.
CVE-2022-41770 An authenticated iControl REST user can increase memory consumption.
CVE-2022-41787 DNS Express is enabled on a virtual server with DNS profile and undisclosed DNS queries can be sent to the internal DNS. This might lead to information disclosure. END>
CVE-2022-41780 An directory traversal vulnerability in F5OS-A and F5OS-C before 1.4.0 allows attackers to read arbitrary files.
CVE-2022-36795 LTM TCP profile with Auto Receive Window enabled on a virtual server can be vulnerable to undisclosed traffic. This can lead to a vulnerability.
CVE-2022-41743 Before R27 P1 and R26 P1, the ngx_http_hls_module has a vulnerability that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact.
CVE-2022-41832 An undisclosed message can cause an increase in memory consumption in BIG-IP versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x when a SIP profile is configured on a virtual server.
CVE-2022-43024 Tenda TX3 US_TX3V1.0 was discovered to have a stack overflow vulnerability with the list parameter.
CVE-2022-43026 Tenda TX3 US_TX3V1.0 br_V16.03.13.11_multi_TDE01 contains a stack overflow via the endIp parameter.
CVE-2022-43027 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to have a stack overflow via the firewallEn parameter.
CVE-2022-43029 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 stack overflow was discovered via the time parameter.
CVE-2022-23241 Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock enabled are vulnerable to an authenticated remote attack which could allow arbitrary modification or deletion of WORM data.
CVE-2022-1970 DO NOT USE this candidate's ConsultID. The CNA pool was not assigned any issues in 2022.
CVE-2022-2805 An otapi-style flaw in ovirt-engine can log passwords in the log file.
CVE-2013-4253 The deployment script in the unsupported "OpenShift Extras" add-on scripts installs a default public key in the root user's authorized_keys file.
CVE-2022-43016 OpenCATS v0.9.6 had a XSS vulnerability in the callback component.
CVE-2022-1523 An earlier version of Fuji Electric D300win is vulnerable to a write-what-where condition, which could allow an attacker to manipulate the flow of information.
CVE-2013-4281 In Red Hat Openshift 1, the /etc/openshift/server_priv.pem file has weak default permissions, which could allow users with local access to read it.
CVE-2022-41707 An attacker can access data of any user of the Messenger application.
CVE-2022-43415 The REPO Plugin 1.15.0 and earlier does not properly protect against XXE attacks.
CVE-2022-43416 An earlier version of the Jenkins Katalon Plugin allowed attackers to control agent processes and invoke Katalon.
CVE-2022-43433 Jenkins Screen recorder plugin disables Content Security Policy protection for user-generated content.
CVE-2022-43413 The Jenkins Job Import Plugin 3.5 and earlier doesn't perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43420 The Jenkins Contrast plugin 3.9 and earlier doesn't escape data returned from the service, which leads to a stored XSS vulnerability. Attackers who can access the application's backend are able to exploit the vulnerability.
CVE-2022-43435 Jenkins 360 FireLine Plugin 1.7.2 and earlier disables Content-Security-Policy protection for user-generated content.
CVE-2022-43424 Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers to control agent processes to obtain values of system properties.
CVE-2022-43402 There is a sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier that allows attackers with permission to define and run sandboxed scripts.
CVE-2022-43404 The Jenkins Script Security Plugin has a sandbox bypass vulnerability that allows attackers with permission to define and run sandboxes to attack.
CVE-2022-43428 Compuware Topaz for Total Test Plugin 2.4.8 and earlier allows attackers to execute agent/controller commands and get Java system properties. This could lead to system information disclosure.
CVE-2022-43421 An error in Tuleap's Git Branch Source Plugin 3.2.4 and earlier lets attackers trigger projects with a specified repository if they don't have permission.
CVE-2022-43410 Mercurial plugin 1251.va_b_121f184902 and earlier has webhook endpoint that exposes which jobs were triggered or scheduled for polling, which users have no permission to access.
CVE-2022-43403 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts to bypass the restriction.
CVE-2022-43431 An earlier Compuware Strobe Measurement Plugin didn't perform permission checks, which allowed attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43406 An untrusted attacker can create and run untrusted Pipelines in Jenkins Pipeline vf3b_454e43966, which is deprecated.
CVE-2022-43405 Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier has a sandbox bypass vulnerability that allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts.
CVE-2022-43427 Compuware Topaz for Total Test Plugin 2.4.8 doesn't perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43426 Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, which makes it easier for attackers to observe and capture it.
CVE-2022-43425 Jenkins' Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of parameters on views, resulting in a stored XSS vulnerabi END>
CVE-2022-43411 The Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
CVE-2022-43032 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-43045 Scene Manager dump function had a segmentation violation.
CVE-2022-43037 An issue was discovered in Bento4 1.6.0-639
CVE-2022-43185 An XSS flaw in the Configuration/Holidays module of the Rukovoditel v3.2.1 allows attackers to inject arbitrary web script or HTML.
CVE-2022-43038 Bento4 v1.6.0-639 had a heap overflow in the mp42ts AP4_BitReader::ReadCache() function.
CVE-2022-43034 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-39301 sra-admin has a storage XSS vulnerability.
CVE-2022-43042 GFD054169B master contains a heap buffer overflow in the function FixSDTPInTRAF at isomedia/isom_intern.c.
CVE-2022-43040 The gf_isom_box_dump_start_ex function had a heap buffer overflow.
CVE-2022-23734 An untrusted data deserialization vulnerability was found in GitHub Enterprise Server that could lead to remote code execution.
CVE-2022-43043 The BD_CheckSFTimeOffset function had a segmentation violation.
CVE-2022-43035 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-3607 Injection of special elements into another plane (octoprint/octoprint prior to 1.8.3)
CVE-2022-39233 Tuleap is a free and open source suite for managing software development and collaboration.
CVE-2022-25663 An overflow in the device's management frame handling could lead to a denial of service in Snapdragon Compute, Connectivity, and Consumer Electronics Connectivity.
CVE-2022-25718 In Snapdragon Auto, Connectivity, and IoT, there is a cryptographic issue.
CVE-2022-25749 Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames
CVE-2022-33210 Memory corruption in automotive multimedia due to use of out-of-range pointer offset when parsing command request packet with a very large type value.
CVE-2022-25736 Denial of service in WLAN due to out-of-bound read happens in Snapdragon Auto, Snapdragon Compute, etc.
CVE-2022-25723 Multimedia memory corruption due to callback registration failure.
CVE-2022-25687 Buffer overflow can lead to video corruption in Snapdragon Auto, Snapdragon Compute, etc. The issue is found in asf parsing.
CVE-2022-25661 Kernel memory corruption due to untrusted pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, and Snapdragon Industrial IOT devices.
CVE-2022-25660 A kernel double free issue in some Snapdragon chipsets. This can lead to a crash or memory corruption.
CVE-2022-39253 Git is an open source revision control system. Versions before 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are vulnerable to exposure of sensitive information.
CVE-2022-42467 The h2 webconsole module is available in prototype mode with the ability to query the database.
CVE-2016-20017 The D-Link DSL-2750B devices before 1.05 are vulnerable to remote command injection. In 2016-2018, this was exploited in the wild.
CVE-2016-20016 MVPower CCTV DVRs have a web shell that can be accessed via a /shell URI. An attacker can execute arbitrary operating system commands as root.
CVE-2022-35860 AES encryption in the Corsair K63 Wireless 3.1.3 can be sniffed by attackers if they are physically close.
CVE-2022-33077 An access control issue in nopcommerce v4.50.2 allows attackers to modify any customer's address.
CVE-2022-38901 The Liferay Digital Experience Platform 7.3.10 SP3 Document and Media module - file upload functionality allows remote attackers to inject arbitrary JS script or HTML.
CVE-2022-21634 Oracle Java SE component, LLVM Interpreter, has a vulnerability that affects versions 20.3.7, 21.3.3, and 22.2.0.
CVE-2022-39423 Vulnerability in Oracle VirtualBox that affects Prior to 6.1.38 versions.
CVE-2022-21638 MySql server is vulnerable to a security issue in 8.0.29 and earlier.
CVE-2022-39402 A vulnerability in the MySQL Shell product of Oracle MySQL is affecting versions 8.0.30 and prior.
CVE-2022-39403 A vulnerability in the MySQL Shell product of Oracle MySQL is affecting versions 8.0.30 and prior.
CVE-2022-21617 MySQL Server has a vulnerability that affects versions 5.7.39 and 8.0.30 and later.
CVE-2022-21625 An issue was found in the MySQL Server product of Oracle MySQL. The affected versions are 8.0.30 and prior.
CVE-2022-21627 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.
CVE-2022-39422 Vulnerability in Oracle VirtualBox that affects Prior to 6.1.38 versions.
CVE-2022-42117 The Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6 and 7.4 before update 17 is vulnerable to XSS. This can be used to perform malicious activities.
CVE-2022-21589 MySQL Server has a vulnerability that affects versions 5.7.39 and 8.0.16.
CVE-2022-21597
CVE-2022-21602 An issue in the Oracle PeopleSoft Enterprise PeopleTools product 8.58, 8.59, and 8.60 is affected.
CVE-2022-21598 Oracle Siebel CRM's DB Deployment and Configuration product is affected by a vulnerability. Affected versions are 22.8 and prior.
CVE-2022-21604 My MySQL Server is affected by a vulnerability in InnoDB. Versions affected are 8.0.30 and earlier.
CVE-2022-39407 Oracle PeopleSoft's Enterprise PeopleTools product is affected by a vulnerability that causes supported versions to be affected.
CVE-2022-21601 An Oracle Communications Vulnerability is being reported with versions 12.0.0.4.0-12.0.0.7.0 being affected.
CVE-2022-21637 My MySQL Server is affected by a vulnerability in InnoDB. Versions affected are 8.0.30 and earlier.
CVE-2022-21632 MySQL Server has a vulnerability that affects versions 8.0.30 and earlier.
CVE-2022-42116 The Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script.
CVE-2022-21629 Vulnerability in Oracle JD Edwards tools product 9.2.6.4 and earlier.
CVE-2022-21639 Oracle PeopleSoft's PeopleTools product is vulnerable to a PeopleTools component vulnerability. This component is affected by 8.59 and 8.60.
CVE-2022-21600 The MySQL Server product of Oracle MySQL is vulnerable to a vulnerability that affects versions 8.0.27 and prior.
CVE-2022-42113 Liferay Portal 7.4.3.30 - 7.4.3.36 has an XSS vulnerability that allows attackers to inject arbitrary scripts or HTML.
CVE-2022-39404 The MySQL Installer is vulnerable to CVE-2016-2107. This affects versions 1.6.3 and prior.
CVE-2022-21605 My MySQL Server is vulnerable to a database attack in versions 8.0.28 and earlier.
CVE-2022-39409 Oracle Transportation Management is affected by a vulnerability in versions 6.4.3 and 6.5.1.
CVE-2022-21641 MySql server is vulnerable to a security issue in 8.0.29 and earlier.
CVE-2022-21607 My MySQL Server product is vulnerable to a vulnerability in Oracle MySQL 8.0.28 and earlier.
CVE-2022-21608 My MySQL Server is vulnerable to a security issue in 5.7.39 and 8.0.30.
CVE-2022-3594 An issue was found in Linux Kernel, the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF was vulnerable to logging excessive data.
CVE-2022-3595 The sess_free_buffer function of the CIFS handler can be manipulated to cause a double free.
CVE-2022-43259 Tenda AC15 V15.03.05.18 had a stack overflow vulnerability in the timeZone parameter of the form_fast_setting_wifi_set function.
CVE-2022-43260 An AC18 V15.03.05.19(6318) was found to have a stack overflow in the fromSetSysTime function.
CVE-2022-41540 The TP-Link AX10v1 V1_211117 web app client uses hard-coded cryptographic keys to communicate with the router.
CVE-2022-33874 Insecure neutralization of special elements in SSH login components may allow unauthenticated remote attackers to gain remote admin access.
CVE-2022-41541 An attacker can replay an encrypted authentication message and valid authentication token with the AX10v1 V1_211117 device.
CVE-2022-33872 In some Telnet components of FortiTester, an improper neutralization of special elements may allow an unauthenticated remap of commands.
CVE-2020-15853 supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS
CVE-2022-3587 SourceCodester Simple Cold Storage Management System 1.0 has a vulnerability that causes My Account to malfunction.
CVE-2022-3580 An issue has been found in SourceCodester Cashier Queuing System 1.0.1 that affects user creation processing. Manipulation leads to cross site scripting.
CVE-2022-40889 Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
CVE-2022-31122 Wire is an encrypted communication and collaboration platform. Versions before 2022-07-12 are subject to Token Recipient Confusion
CVE-2022-3339 An XSS vulnerability in ePO 5.10 before Update 14 allows an attacker to access the administrator's session of an authenticated ePO admin.
CVE-2022-31037 OroCommerce is an open-source Business to Business Commerce application
CVE-2022-39056 RAVA certificate validation system has insufficient validation for user input
CVE-2022-39057 The Ravva certificate validation system has insufficient filtering for special parameter of the web page input field.
CVE-2022-39055 RAVA certificate validation system has inadequate filtering for URL parameter
CVE-2022-22243 An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an attacker to add an XPath command, which may lead to other vulnerabilities.
CVE-2022-22228 An attacker can cause an RPD memory leak, which leads to a DoS.
CVE-2022-22236 An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway of Juniper Networks Junos OS on SRX and MX allows an unauthenticated, network-based attacker to cause a Denial of Service.
CVE-2022-22223 QFX10000 Series devices using Juniper Networks Junos OS as transit IP/MPLS PHP nodes with LAG interfaces can have input validation issues.
CVE-2022-22211 FPC resources of Juniper Networks Junos OS Evolved on PTX Series can be compromised to cause a Denial of Service.
CVE-2022-22227 The Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved has an Improper Check for Unusual or Exceptional Conditions vulnerability that allows a network-based attacker to cause a DoS.
CVE-2022-22192 The PTX series of Juniper Networks Junos OS is vulnerable to an attack that causes a Denial of Service.
CVE-2022-22201 The validation of Index, Position, or Offset in Junos Packet Forwarding Engine is vulnerable to Denial of Service.
CVE-2022-22224
CVE-2022-22225 An attacker with an established BGP session can cause a Denial of Service in Routing Protocol Daemon of Juniper Networks Junos OS and Junos OS Evolved.
CVE-2022-22230 Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Junos OS Evolved can be DoSed with an adjacent unauthenticated attacker.
CVE-2022-22232 A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series can cause a Denial of Service.
CVE-2022-22234 An attacker with low privileges can cause a Denial of Service in the Junos Packet Forwarding Engine.
CVE-2022-22235 An improper check in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause Denial of Service.
CVE-2022-22249 An attacker can cause a Denial of Service through the PFE of Juniper Networks Junos OS on MX Series.
CVE-2022-22219 An attacker in direct control of a BGP client, or via a machine in the middle, can cause Juniper Networks Junos OS and Junos OS Evolved to mishandle EVPN routes.
CVE-2022-22241 An IAV vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data.
CVE-2022-22250 In Junos OS and Junos OS Evolved, an attacker can cause a DoS by controlling a resource through its lifetime.
CVE-2022-22239 An attacker with low privileges can escalate their privileges on the device and potentially remote systems of Juniper Networks Junos OS Evolved.
CVE-2022-22240 Allocates resources without limits or throttling, and releases memory after an effective lifetime. Local auth required.
CVE-2022-22246 An LFI vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged attacker to execute an untrusted PHP file.
CVE-2022-22251 In Juniper Networks Junos OS, software permission issues and passwords in Junos OS are vulnerable to local low-privilege attacks.
CVE-2022-22248 An Incorrect Permission Assignment vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands.
CVE-2022-22247 An Ingress TCP segment processing vulnerability in Juniper Networks Junos OS Evolved allows a network-based attacker to send a crafted TCP segment to the device, triggering a kernel panic and Denial of Service.
CVE-2022-22238 An attack on the routing protocol daemon (rpd) can cause a Denial of Service.
CVE-2022-22220 An exploit in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved can cause a Denial of Service.
CVE-2022-22242 J-Web has an XSS vulnerability that allows an attacker to run malicious scripts in the victim's session.
CVE-2022-22237 An attacker can compromise Junos OS confidentiality or integrity by attacking the kernel.
CVE-2022-22233 An unchecked return value to NULL pointer dereference vulnerability in Juniper Network's Routing Protocol Daemon (rpd) allows a locally authenticated attacker with low privileges to cause a DoS.
CVE-2022-3569 ZCS has a local privilege escalation vulnerability in versions 9.0.0 and prior, where the 'zimbra' user can coerce postfix into running arbitrary commands as 'root'.
CVE-2020-8973 TPS200 NG in 2.00 and 1.01 firmware doesn't accept specially constructed requests.
CVE-2020-8976 The ZGR TPS200 NG integrated server on 2.00 firmware and 1.01 hardware allows a remote attacker to perform actions as the victim user.
CVE-2020-8975 TPS200 NG in 2.00 and 1.01 firmware versions allows remote attackers with access to the web application to access sensitive information about the system.
CVE-2020-8974 The firmware upload in ZGR TPS200 NG 2.00 and 1.01 doesn't have restrictions.
CVE-2022-41431 The component /admin/question/edit in xzs v3.8.0 had an XSS flaw.
CVE-2022-40606 In 4.1.0, XSS in the Operations tab and Debrief plugin is possible via a crafted operation name. This is different than CVE-2022-40605.
CVE-2022-42147 kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.
CVE-2022-3382 The Robot System Software version 3.3.21.9869 has an error that handles terminated commands.
CVE-2022-3517 A vulnerability was found in the minimatch package
CVE-2022-3565 A critical vulnerability was found in the Linux Kernel function del_timer of the Bluetooth component. Using this issue leads to use after free.
CVE-2022-3566 A vulnerability was found in Linux Kernel TCP Handler which leads to a race condition.
CVE-2022-32176 V2.5.1-v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code through the "Compress Upload" functionality.
CVE-2022-42029 Chamilo 1.11.16 is vulnerable to authenticated local file inclusion. This can be exploited to copy/move files from anywhere in the file system into the web directory.
CVE-2022-41751 Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing commands in a JPEG filename and using the regeneration option.
CVE-2022-40055 Brute force attack can escalate privileges in GX Group GPON ONT 2122A T2122-V1.26EXL.
CVE-2022-2455 The business logic of handling large repositories in GitLab before 15.1.6, 15.2.4, and 15.3.2 allowed an authenticated and authorized user to access sensitive data.
CVE-2022-3330 An inaccessible note in Gitlab CE/EE can affect all versions 15.0-15.2.5, 15.3-15.3.4, and 15.4-15.4.1.
CVE-2020-35539 Wordpress 5.1 has a security flaw that leaks client IP address in X-Forwarded-For header.
CVE-2019-14841 An attacker can change their role in the RHDM.
CVE-2022-2533 An issue was discovered in GitLab before 12.10, 15.2, 15.3, and 15.4.
CVE-2022-3060 An authenticated attacker can create content in Error Tracking in GitLab CE/EE that could cause a victim to make unintended requests.
CVE-2022-3066 An issue was discovered in GitLab starting from 10.0 before 15.2.5, 15.3 before 15.3.4, 15.4 before 15.4.1.
CVE-2022-42221 The R6400 v1.1.0.114_1.0.1 router has an Incorrect Access Control vulnerability, which is a command injection vulnerability.
CVE-2022-2428 An attacker can make HTTP requests as a tag in the Jupyter Notebook viewer in GitLab EE/CE before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 is affected.
CVE-2022-3293 Email addresses were leaked in WebHook logs in GitLab EE prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
CVE-2022-2592 Snippet descriptions in GitLab CE/EE prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 have a lack of length validation which can be abused by attackers to create maliciously large Snippets.
CVE-2022-2931 A DOS vulnerability was discovered in GitLab before 15.1.6, 15.2.4, 15.3.2.
CVE-2022-3331 An issue was found in GitLab EE versions before 15.2.4, 15.3.2, and 14.5 before 15.1.6.
CVE-2022-3351 Issue in 13.7, 15.3.4, 15.4.1, and earlier versions.
CVE-2022-2865 An issue with cross-site scripting has been found in GitLab CE/EE prior to 15.3.2, 15.2 to 15.2.4, and 15.1.6.
CVE-2022-2630 An access control issue in GitLab CE/EE older than 15.2.4 and 15.3.2 that allows disclosure of confidential information via the Incident timeline events.
CVE-2022-3291 Data in GitLab EE older than 15.2.5, 15.3.4, and 15.4.1 can be leaked via the cache.
CVE-2022-3288 The branch/tag name confusion in GitLab CE/EE older than 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows attackers to manipulate pages where the default branch would be expected.
CVE-2022-2908 An attack in Gitlab CE/EE versions starting from 10.7 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1 could result in high CPU usage.
CVE-2022-42167 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.
CVE-2022-42237 An SQL injection issue in Merchandise Online Store v.1.0 allows attackers to log in to the admin account.
CVE-2022-41542 devhub 0.102.0 was discovered to contain a broken session control.
CVE-2022-3554 X.org libX11 has a vulnerability that leaks memory.
CVE-2022-3550 An issue in X.org Server was found, which involves the function _GetCountedString of xkb.c. The manipulation leads to a buffer overflow, which is recommended to fix.
CVE-2022-42165 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.
CVE-2022-3555 X.org libX11 has a vulnerability. Manipulation of the argument dpy leads to memory leak.
CVE-2022-3542 An issue with the bnx2x_tpa_stop function of the BPF driver is found in the Linux Kernel. The vulnerability leads to a memory leak.
CVE-2022-3139 We're Open! plugin before 1.42 has settings that could allow high privilege users to perform Stored Cross-site Scripting attacks.
CVE-2022-3541 A critical Linux Kernel vulnerability has been found, affecting the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free.
CVE-2022-3546 The component Create User Handler has a vulnerability that allows for some unknown functionality to be accessed. This could be used to steal user information.
CVE-2022-3543 A vulnerability in the Linux Kernel was found, which affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c. The vulnerability leads to a memory leak.
CVE-2022-2052 Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords
CVE-2022-39052 An external attacker can send a malicious email that can crash the system.
CVE-2022-3531 A vulnerability was found in Linux Kernel, which is classified as problematic. The manipulation leads to memory leak.
CVE-2022-3533 An issue was found in the Linux Kernel. It is rated as problematic. The function parse_usdt_arg of the file tools/lib/bpf/usdt.c has a memory leak when the argument reg_name is manipulated.
CVE-2022-3534 A critical vulnerability has been found in the Linux Kernel's btf_dump_name_dups function. It can lead to use after free.
CVE-2022-3281 WAGO PFC100/200, Touch Panel 600, CC100 and Edge Controller are prone to a loss of MAC-Address-Filtering after reboot.
CVE-2022-42983 Spoofing JWT Tokens allows attackers to bypass login authentication.
CVE-2022-42975 socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding
CVE-2022-3527 a vulnerability in Linux kernel, which affects ipneigh_get function of ip/ipneigh.c component of iproute2. Manipulation leads to memory leak.
CVE-2022-3530 An issue was found in the Linux kernel ip/ipaddress.c function ipaddr_link_get and leads to memory leak.
CVE-2022-3521 A vulnerability has been found in Linux Kernel and is classified as problematic. The kcm_tx_work function of the net/kcm/kcmsock.c component kcm can be manipulated to lead to a race condition.
CVE-2022-3523 The Linux Kernel was found to have a vulnerability. The vulnerability is in mm/memory.c of the Driver Handler component. The vulnerability causes use after free.
CVE-2022-3524 An issue was found in the Linux Kernel IPv6 renewal functionality. A memory leak vulnerability can be triggered by sending a specially crafted packet.
CVE-2022-42969 The py library through 1.11.0 for Python lets attackers conduct a ReDoS attack via a Subversion repository with crafted info data.
CVE-2022-41323 In Django 3.2.x before 3.2.16, 4.0.x before 4.0.8, and 4.1.x before 4.1.2,
CVE-2022-42968 Gitea before 1.17.3 does not sanitize and escape refs in the git backend
CVE-2017-20149 The Mikrotik RouterOS web server can be vulnerable to memory corruption, aka Chimay-Red, if a remote and unauthenticated user sends a crafted HTTP request.
CVE-2022-41436 An issue in TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via the URL http://device_ip/index1.html.
CVE-2022-38442 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-39311 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-35712 ColdFusion versions Update 14 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could compromise the user's system.
CVE-2022-38418 ColdFusion versions Update 14 and earlier are affected by an 'Improper Limitation of a Pathname to a Restricted Directory' vulnerability that could allow arbitrary code execution.
CVE-2022-38447 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-38448 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-35698 Adobe Commerce versions 2.4.4-p1 and 2.4.5 are affected by a Stored XSS vulnerability.
CVE-2022-38446 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-38443 Dimension 3.4.5 is vulnerable to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could exploit this vulnerability to bypass ASLR.
CVE-2022-38422 ColdFusion versions Update 14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory vulnerability. This could result in information disclosure.
CVE-2022-42340 Adobe ColdFusion versions Update 14 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read.
CVE-2022-35691 Adobe Acrobat versions 22.002.20212 and earlier are affected by a NULL Pointer Dereference vulnerability.
CVE-2022-39310 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-38445 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-39309 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-38677 In cell service, there is a missing permission check
CVE-2022-39128 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39126 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39123 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39109 In Music service, there is a missing permission check
CVE-2022-39124 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39120 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-38670 In soundrecorder service, there is a missing permission check
CVE-2022-2984 In jpg driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39115 In Music service, there is a missing permission check
CVE-2022-39111 In Music service, there is a missing permission check
CVE-2022-38679 In music service, there is a missing permission check
CVE-2022-39110 In Music service, there is a missing permission check
CVE-2022-38671 In camera driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39107 In Soundrecorder service, there is a missing permission check
CVE-2022-38673 In face detect driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-38672 In face detect driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-41477 A security issue was discovered in WeBid <=1.2.2
CVE-2022-39112 In Music service, there is a missing permission check
CVE-2022-39108 In Music service, there is a missing permission check
CVE-2022-39105 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39080 In messaging service, there is a missing permission check
CVE-2022-38697 In messaging service, there is a missing permission check
CVE-2022-2850 An attacker can exploit a NULL pointer dereference in the Content Synchronization plugin to cause a denial of service.
CVE-2022-2963 A vulnerability found in jasper
CVE-2022-41302 An OOB vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure.
CVE-2022-20397 An out of bounds write in SitRilClient_OnResponse could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-41304 An OOB write vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution or information disclosure.
CVE-2021-27406 An attacker can take advantage of versions 1.4.1.0 and earlier to send a config command from the local host to force the back-end server to initialize a new openVPN instance.
CVE-2022-41306 Malicious PCT file could lead to memory corruption vulnerability by write access violation.
CVE-2022-42234 There is a file inclusion vulnerability in the template management module in UCMS 1.6
CVE-2022-41307 Malicious PKT file could lead to memory corruption vulnerability by read access violation.
CVE-2022-41580 The HW_KEYMASTER module has a vulnerability of not verifying data read. Successful exploitation may cause malicious construction of data and out-of-bounds access.
CVE-2022-41602 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41600 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41593 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41598 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41601 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41603 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41592 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-38998 The HISP module has a vulnerability where it doesn't verify data in kernel space and can lead to an out-of-bounds read, affecting data confidentiality.
CVE-2021-46840 The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation may cause malicious construction of data, which results in out-of-bounds access.
CVE-2022-42067 The birth certificate management system version 1.0 has an IDOR vulnerability.
CVE-2022-41577 The kernel server has a vulnerability of not verifying the length of data transferred in the user space, which may cause an out-of-bounds read and device confidentiality and availability.
CVE-2022-41584 The kernel module has an out-of-bounds read vulnerability. Successful exploitation may cause memory overwriting.
CVE-2022-38985 The facial recognition module has a vulnerability in input validation, which may affect data confidentiality.
CVE-2022-41589 The DFX unwind stack has a vulnerability in interface calling that affects system services and device availability.
CVE-2022-38980 The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation may allow attackers to obtain process control permissions.
CVE-2022-38977 The HwAirlink module has a heap overflow vulnerability. Successful exploitation may cause out-of-bounds writes, which may lead to modification of sensitive data.
CVE-2022-38981 The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation may cause information leakage.
CVE-2022-41581 The HW_KEYMASTER module has a vulnerability of not verifying data read. Successful exploitation may cause malicious construction of data and out-of-bounds access.
CVE-2022-39065 An unresponsive TRÅDFRI gateway can make connected lighting controls non-functional.
CVE-2022-41578 The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation may lead to privilege escalation attacks.
CVE-2022-41585 The kernel module has an out-of-bounds read vulnerability. Successful exploitation may cause memory overwriting.
CVE-2022-41582 The security module has configuration defects, which may affect system availability.
CVE-2022-42071 The CMS version 1.0 has a XSS vulnerability.
CVE-2022-42464 OpenHarmony 3.1.2 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker.
CVE-2022-42488 OpenHarmony has a permission validation vulnerability in the param service of the startup subsystem.
CVE-2022-42069 A birth certificate management system version 1.0 has a XSS vulnerability.
CVE-2022-2879 Read doesn't limit the maximum size of file headers. This can lead to memory exhaustion or crashes.
CVE-2022-28760 On-Premise Meeting Connector MMR 4.8.20220815 contains an improper access control vulnerability.
CVE-2022-35042 An attacker could send a crafted request to /release-x64/otfccdump+0x4adb11 to overflow the heap and execute arbitrary code.
CVE-2022-35046 An attacker can overflow a heap buffer in otfccdump+0x6b0466 via /release-x64. END
CVE-2022-35040 An attacker could overflow a heap buffer with OTFCC-Dump's /release-x64 command.
CVE-2022-35055 An attacker can overflow a heap buffer with OTFCC commit 617837b, which is a VRP tool.
CVE-2022-35053 Heap buffer overflow in commit 617837b of otfccdump was discovered.
CVE-2022-35059 An overflow was discovered in OTFCC commit 617837b that was used in an exploit.
CVE-2022-35041 The commit 617837b in OTFCC was found to have a heap buffer overflow.
CVE-2022-35045 An attacker could overflow a heap buffer in otfccdump via /release-x64/otfccdump+0x6b0d63.
CVE-2022-35054 Heap buffer overflow in OTFCC commit 617837b was discovered to be vulnerable.
CVE-2022-35050 An attacker sent a 0x6b04de heap buffer overflow to commit 617837b in order to gain remote code execution.
CVE-2022-35048 An attacker can overflow a buffer with 0x6B0B2C in OTFCC commit 617837b to crash the application.
CVE-2022-35049 The commit 617837b of OTFCC was discovered to contain a heap buffer overflow.
CVE-2022-35056 An attacker could exploit a heap buffer overflow in OTFCC commit 617837b to compromise the user's system.
CVE-2022-3439 Allocating resources without limits or throttling in a GitHub repository prior to 2.5.0.
CVE-2022-37602 The key variable in grunt-karma.js is Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1.
CVE-2022-3503 SourceCodester's Supplier Handler has a vulnerability that is revealed as problematic.
CVE-2022-2780 Octopus Server is vulnerable to an NTLM relay attack if a user uses the Git Connectivity test on the VCS project.
CVE-2022-3497 A vulnerability was found in SourceCodester HRMS 1.0. It is problematic. The affected function is unknown.
CVE-2022-32177 v2.5.1-2.5.3beta is vulnerable to Unrestricted File Upload, which can lead to execution of javascript code.
CVE-2022-41674 An issue was discovered in the Linux kernel through 5.19.11
CVE-2022-39302 Ree6 is a moderation bot. It would allow other server owners to create configurations such as "Better Audit Logging," which contains a channel from another server as a target.
CVE-2022-42720 Local attackers could use refcounting bugs in the mac80211 stack to trigger use-after-free conditions.
CVE-2022-42722 Local attackers could inject WLAN frames into the mac80211 stack to cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
CVE-2022-42721 A BSS handling bug could be used by local attackers to corrupt a linked list and execute code.
CVE-2022-34021 Multiple XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server 4.1.1000114 via the form fields.
CVE-2022-42719 An use-after-free in the mac80211 stack could be used by attackers to crash the kernel and execute code.
CVE-2022-35611 CSRF in MQTTRoute v3.3 and below allows attackers to create and remove dashboards.
CVE-2022-39201 Grafana could leak the authentication cookie of users to plugins before versions 8.5.14 and 9.1.8.
CVE-2022-39229 Grafana old versions let one user block another user's login attempt by registering someone else's email address as a username.
CVE-2022-39278 The Istio service mesh manages traffic, enforces policies, and collects telemetry.
CVE-2022-35134 Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.
CVE-2022-39295 Knowage is an open source suite for modern business analytics alternative over big data systems
CVE-2022-35135 An attacker can escalate privileges in the Boodskap IoT Platform v4.4.9-02 by sending a crafted request to /api/user/upsert/uuid>.
CVE-2022-39300 SAML is a library based on SAML v2 that can be bypassed by a remote attacker using passport-saml.
CVE-2022-41496 iCMS v7.0.16 had an SSRF attack via the admincp.php url parameter.
CVE-2022-3456 Allocating resources without limits or throttling in a GitHub repository prior to 2.5.0.
CVE-2022-3457 Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5.
CVE-2022-41483 AnAC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 had a buffer overflow in the 0x4a12cc function.
CVE-2022-42156 The D-Link COVR 1200,1203 v1.08 had a command injection vulnerability via the tomography_ping_number parameter of SetNetworkTomographySettings.
CVE-2022-42159 The D-Link COVR 1200,1202,1203 has a predictable seed in a Pseudo-Random Number Generator.
CVE-2022-42160 D-Link COVR 1200,1202,1203 v1.08 has a command injection vulnerability in SetNTPServerSettings that could be exploited by an attacker.
CVE-2022-39293 Azure RTOS USBX is a high-performance USB host, device, and on-the-go embedded stack that is fully integrated with Azure RTOS ThreadX.
CVE-2022-41484 Tenda AP500 US was found to have a buffer overflow in 0x32384 function.
CVE-2022-41485 An AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 with a buffer overflow was discovered.
CVE-2020-26844 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26846 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26845 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26848 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26853 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26842 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26850 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26843 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26849 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26847 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26859 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26860 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26856 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26861 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26840 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26854 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26855 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26839 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26841 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26858 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26865 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26857 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26863 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26862 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2022-3493 A vulnerability was found in SourceCodester HRMS 1.0. This affects some unknown component processing.
CVE-2022-3492 A critical vulnerability was found in SourceCodester HRMS 1.0. The vulnerability affects unknown code of the component Profile Photo Handler.
CVE-2022-41473 An XSS vulnerability was found in RPCMS v3.0.2's Search function.
CVE-2021-20030 GMS is vulnerable to file path manipulation and can be accessed by an unauthenticated attacker.
CVE-2022-3473 A critical vulnerability has been found in SourceCodester HRMS system. The manipulation of the argument ci leads to sql injection.
CVE-2022-3472 A critical vulnerability was found in SourceCodester HRMS system. The file city.php is manipulated by the argument cityedit, leading to sql injection.
CVE-2022-42899 Out-of-bounds read and stack overflow in Bentley MicroStation and MicroStation-based applications could lead to information disclosure and code execution.
CVE-2022-42901 MicroStation and MicroStation-based applications could be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. This could lead to information disclosure and code execution.
CVE-2022-42902 In LavA before 2022.10, there is dynamic code execution in lav_server/lavatable.py.
CVE-2022-42906 Powerline Gitstatus before 1.3.2 has an exploitable configuration that can run arbitrary commands in the project's repository.
CVE-2022-40187 Forescout's Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled.
CVE-2022-39283 FreeRDP is a library that provides a free remote desktop protocol. It might read uninitialized data and decode it as audio/video.
CVE-2021-36369 An issue was found in Dropbear through 2020.81, which allows an SSH server to change the login process.
CVE-2018-18446 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
CVE-2022-31228 Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability
CVE-2022-32493 Dell BIOS contains an Stack-Based Buffer Overflow vulnerability
CVE-2022-34390 Dell BIOS contains a use of uninitialized variable vulnerability
CVE-2022-33921 Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities
CVE-2022-37601 The name variable in parseQuery.js in webpack loader-utils 2.0.0 is for prototyping pollution vulnerability.
CVE-2022-41351 In ZCS 8.8.15, at the URL /h/calendar, one can trigger XSS by changing the value of the view and uncheck parameters.
CVE-2022-34391 Dell Client BIOS versions prior to remediated version contain an improper input validation vulnerability.
CVE-2022-32491 Dell Client BIOS contains a Buffer Overflow vulnerability
CVE-2022-42081 An AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 had a stack overflow vulnerability.
CVE-2022-2249 privilege escalation vulnerabilities were found in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges.
CVE-2022-42079 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to have a stack overflow.
CVE-2022-42080 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 has a heap overflow vulnerability.
CVE-2022-42715 An XSS vulnerability is present in REDCap's Alerts & Notifications upload feature prior to 12.04.18.
CVE-2022-40871 Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection
CVE-2022-2720 In Octopus Server affected versions, when a sensitive value is a substring of another value, only part of the sensitive value is masked.
CVE-2022-3458 An unknown vulnerability in SourceCodester Human Resource Management System 1.0 affects the file /employeeview.php of the Image File Handler component.
CVE-2022-37611 Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js.
CVE-2022-40469 iKuai8 v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.
CVE-2022-40440 An XSS vulnerability was found in v4.2.2 of the Graph Visualization tool.
CVE-2022-41532 The Open Source SACCO Management System v1.0 had a SQL injection vulnerability where id was used to delete plans.
CVE-2022-41606 HashiCorp Nomad and Nomad Enterprise up to 1.2.12 and 1.3.5 can crash client agents with invalid S3 or GCS URLs.
CVE-2022-37617 Pollution vulnerability in thlorenz browserify-shim 3.8.15 via k variable in resolve-shims.js.
CVE-2022-41404 An issue in the fetch() method in org.ini4j before v0.5.4 allows attackers to cause a DoS.
CVE-2022-42717 An issue was found in Hashicorp Packer 2.3.1 before the recommended sudoers configuration for Vagrant on Linux.
CVE-2022-41384 The d8s-domains package had a backdoor in the democritus-urls package.
CVE-2022-41385 The d8s-html package had a backdoor, the democritus-urls package.
CVE-2022-42044 The d8s-asns package had a backdoor from a third party, democritus-html.
CVE-2022-41382 The d8s-json package had a backdoor--the democritus-file-system package.
CVE-2022-41381 The d8s-utility package has a backdoor from a third party. The backdoor is democritus-file-system.
CVE-2022-41380 d8s-yaml has a backdoor. It is democritus-file-system.
CVE-2022-41386 The d8s-utility package had a backdoor, the democritus-urls package.
CVE-2022-41387 The d8s-pdfs package had a backdoor in the democritus-urls package.
CVE-2022-42041 d8s file system package had a backdoor from a third party, democritus-hashes.
CVE-2022-42043 d8s-xml had a backdoor from democritus-html.
CVE-2022-42036 The d8s-urls package contains a backdoor. The democritus-csv package is the backdoor.
CVE-2022-42038 The d8s-ip-addresses package has a backdoor: democritus-csv.
CVE-2022-42042 d8s-networking had a backdoor added by a third party. The backdoor is democritus-hashes.
CVE-2022-42039 The d8s-lists package had a backdoor from a third party. The democritus-dicts package is a backdoor.
CVE-2022-41383 The d8s-archives package had a backdoor from a third party, democritus-file-system.
CVE-2022-41173 Memory management issues in AutoCAD can lead to application crash.
CVE-2022-39013 Under certain conditions an authenticated attacker can get access to OS credentials
CVE-2022-41204 An attacker can change the content of an SAP Commerce version 1905, 2005, 2105, 2011, 2205, login page, by injecting code that redirects submissions from the affected login form to their own server.
CVE-2022-41176 Due to memory mismanagement, Enhanced Metafile files received from untrusted sources can crash the application and tempora END>
CVE-2022-39807 The victim's lack of memory management can cause the application to crash when they open a SolidWorks Drawing file from an untrusted source.
CVE-2022-41198 SketchUp files can be memory-compromised and RCE can be triggered when victims open them.
CVE-2022-41196 Memory management issues can cause a VRML Worlds file to be opened by a victim and result in a Remote Code Execution.
CVE-2022-39803 Memory management issues in ACIS Part and Assembly files make it possible for a victim to be exploited and executed remote code.
CVE-2022-41179 Memory management problems can lead to RCE when a victim opens a file from an untrusted source.
CVE-2022-41193 Memory management issues in EPS files can lead to RCE in SAP 3D Visual Enterprise Viewer - version 9.
CVE-2022-41180 Memory management issues in SAP can cause a victim to open a .pdf file from an untrusted source, which can lead to a RCE.
CVE-2022-41170 memory management can lead to RCE on CATIA4 Part .model files opened from untrusted sources.
CVE-2022-41177 Memory management issues in Iges Part and Assembly files can lead to RCE.
CVE-2022-41186 Computer Graphics Metafile files sent by malicious attackers can be exploited to trigger a Remote Code Execution.
CVE-2022-31682 VMware Aria Operations contains an arbitrary file read vulnerability
CVE-2022-35226 SAP Data Services Management allows an attacker to copy data from a request and echo it into the application's response, leading to a XSS vulnerability.
CVE-2022-35296 The SAP BusinessObjects Version Management System can expose sensitive information to a high-privileged user who isn't explicitly authorized to see it.
CVE-2022-41181 Memory management in PDF files can cause 3D Visual Enterprise Author to crash.
CVE-2022-41183 The memory management of the victim's computer is poor, which makes it possible for the application to crash and become temporally unresponsive.
CVE-2022-39804 Due to memory management issues, victims of SolidWorks Part files from untrusted sources can be compromised with RCE.
CVE-2022-39802 SAP MES version 15.1, 15.2, 15.3 has an exploitable file path parameter vulnerability. The attacker can manipulate the file path to access arbitrary files on the server.
CVE-2022-41187 Memory management issues can lead to RCE when a victim opens a file containing a malicious ObjTranslator.exe.
CVE-2022-39808 It's possible that a victim opening a Wavefront Object file from untrusted sources could be exploited via Remote Code Execution.
CVE-2022-39806 An attacker can send a SAP 3D Visual Enterprise Author file that can be opened by the victim and execute remote code.
CVE-2022-41172 Memory management issues in AutoCAD can lead to RCE when a victim opens a file from untrusted sources.
CVE-2022-20416 AudioTransportsToHal in HidlUtils.cpp has a possible out of bounds write due to a bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20433 There is an missing authorization issue in the system service
CVE-2022-20435 There is a Unauthorized service in the system service, may cause the system reboot
CVE-2022-20434 There is an missing authorization issue in the system service
CVE-2022-20425 ZenModeHelper could have a performance degradation due to resource exhaustion. This could lead to local denial of service with User execution privileges needed.
CVE-2022-20431 There is an missing authorization issue in the system service
CVE-2022-20413 In Threads.cpp, there is a logic error that could lead to local information disclosure with user execution privileges.
CVE-2022-20409 in io_identity_cow of io_uring.c, there is a possible way to corrupt memory and get local escalation of privilege with System execution privileges.
CVE-2022-20394 In IMEService.java, there is a check for permissions when another app shows an IME. This can be used to determine when another app is showing an IME.
CVE-2022-20412 fdt_next_tag could have an out of bounds read due to a bounds check error. This could lead to privilege escalation with System execution privileges needed.
CVE-2020-14129 A logic vulnerability exists in a Xiaomi product
CVE-2022-20415 There is a logic error in the code of StatusBarNotificationActivityStarter that starts activity from background.
CVE-2022-20418 In the pickStartSeq of AAVCA assembler, there is a possible out of bounds read. This could lead to remote information disclosure with no additional execution privileges needed.
CVE-2022-20439 Messaging has an unauthorized provider, which could cause Local Deny of Service.
CVE-2022-20438 Messaging has unauthorized broadcast, which can cause Local Deny of Service.
CVE-2021-0951 DevmemIntHeapAcquire could have an overflow that could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2020-14131 The Xiaomi Security Center thanks ADLab for their help and welcome more security experts to join the Mi Security Center to make sure safety is maintained.
CVE-2022-20430 There is an missing authorization issue in the system service
CVE-2022-38038 Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-24504 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-37990 Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-38036 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability.
CVE-2022-37973 Windows Local Session Manager (LSM) Denial of Service Vulnerability
CVE-2022-38016 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability.
CVE-2022-41034 Visual Studio Code Remote Code Execution Vulnerability.
CVE-2022-33634 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-37997 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-38000 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-35829 Service Fabric Explorer Spoofing Vulnerability.
CVE-2022-3453 An issue was found in SourceCodester Book Store Management System 1.0. This affects unknown processing of the file /transcation.php.
CVE-2022-42235 An XSS issue in Student Clearance System v.1.0 allows for arbitrary JavaScript to be injected in the registration form.
CVE-2022-42238 An issue in VOPE 1.0 allows access to the admin dashboard.
CVE-2022-42236 An Arbitrary JavaScript issue in Merchandise Online Store v.1.0 allows to injection of Stored XSS.
CVE-2022-41376 UI v4.4.0 to v4.5.0 contains an XSS vulnerability.
CVE-2022-34427 Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries
CVE-2022-34432 Dell Hybrid Client below 1.8 version contains a gedit vulnerability
CVE-2022-34434 The Dell Cloud Mobility for Postgres database has an Improper Access Control vulnerability.
CVE-2022-34431 Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability
CVE-2022-34430 Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI
CVE-2022-38388 An IBM Navigator Mobile app could allow a local user to get sensitive information due to improper access control.
CVE-2022-3358 OpenSSL custom cipher can be created with the EVP_CIPHER_meth_new() function and function calls.
CVE-2022-33749 XAPI can hit its file-limit unauthenticated client.
CVE-2022-33746 The P2M pool backing second level address translation for guests may be of significant size, thus freeing may take more time than is reasonable.
CVE-2022-33748 An error handling path was added that neglected to pay attention to locking requirements.
CVE-2022-36360 Vulnerability in LOGO! 8 BM (incl. SIPLUS variants) firmware updates checks authenticity.
CVE-2022-31766 Vulnerabilities have been found in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, and SCALA END>
CVE-2022-36362 Vulnerability in LOGO! 8 BM (All versions) that doesn't validate certain interactions.
CVE-2022-41851 Vulnerabilities have been identified in JTTK, Simcenter Femap V2022.1, V2022.2.
CVE-2022-40631 Vulnerability in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, and SCALANCE X202-2P IRT.
CVE-2022-40227 A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl
CVE-2022-40226 V3.10 has a vulnerability.
CVE-2022-40176 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-37864 Vulnerability in Solid Edge. Application contains an out of bounds write past the heap-based buffer while parsing DWG files.
CVE-2022-36361 An exploit could be used to crash a device.
CVE-2022-36363 An offset value can be defined in TCP packets when calling a method, which is not properly validated in LOGO! 8 BM affected devices.
CVE-2022-38371 An arbitrary file download vulnerability has been found in Nucleus NET, Nucleus ReadyStart V3, Nucleus Source Code.
CVE-2022-40147 V1.5.1 of Industrial Edge Management doesn't validate server certificates when initiating a TLS connection.
CVE-2022-40177 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-31765 Affected devices do not properly authorize the change password function of the web interface
CVE-2022-40182 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-40181 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-38465 Vulnerability in SIMATIC Drive Controller family (All versions V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), and SIMATIC ET 200SP Open Controller CPU 1515SP PC2.
CVE-2022-35289 A write-what-where condition in hermes caused by an integer overflow allows attackers to execute arbitrary code.
CVE-2022-32234 An out of bounds write in hermes handling large arrays allows attackers to execute arbitrary code.
CVE-2021-35226 An entity in NPM is misconfigured and is exposing the password field to SWIS.
CVE-2022-3433 The aeson library is not safe to use to consume untrusted JSON input
CVE-2022-20915 An IPv6 vulnerability in 6VPE with ZBFW could cause a DoS attack.
CVE-2022-20944 Vulnerability in Cisco IOS XE Software image verification could allow unauthenticated, physical attacker to execute unsigned code at system boot time.
CVE-2022-20864 ROMMON has a vulnerability that could allow an attacker to recover the configuration or reset the enable password.
CVE-2022-20920 The vulnerability in SSH could allow an attacker to cause an affected device to reload.
CVE-2022-20830 An unauthenticated, remote attacker could access the GUI of Cisco SD-AVC.
CVE-2022-20870 An vulnerability in egress MPLS packet processing of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
CVE-2022-39288 Fastify is a low overhead Node.js framework. Malicious use of the Content-Type header can be used to deny service.
CVE-2022-2823 The MetaSlider WordPress plugin before 3.27.9 is vulnerable to Stored Cross-site Scripting attacks, which could be possible by admin users.
CVE-2022-41748 The Trend Micro Apex One DLP module has a registry permissions vulnerability that could allow local attackers with administrative credentials to bypass anti-tampering mechanisms.
CVE-2022-41746 An attacker with access to the console on an affected installation could escalate privileges and modify agent groupings.
CVE-2022-34425 Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH
CVE-2022-34402 Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI
CVE-2022-40257 An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4
CVE-2022-26121 Vulnerability in FortiAnalyzer and FortiManager GUI 7.0.0 - 7.0.3, 6.4.0 - 6.4.8, 6.2.0 - 6.2.9, 6.0.0 - 6.0.11, 5.6.0 - 5.6.11 may allow an unauthenticated and remote attack.
CVE-2021-44171 In previous versions, special elements used in the os command could be manipulated to subvert the os command. This issue was fixed in the latest releases.
CVE-2022-42725 The Warpinator through 1.2.14 allows access outside of an intended directory by using symbolic links.
CVE-2022-42011 D-Bus before 1.12.24, 1.13.x and 1.14.4, and 1.15.x before 1.15.2 has an issue.
CVE-2022-42012 D-Bus before 1.12.24, 1.13.x and 1.14.4, and 1.15.x before 1.15.2 has an issue.
CVE-2022-42010 D-Bus before 1.12.24, 1.13.x and 1.14.4, and 1.15.x before 1.15.2 has an issue.
CVE-2022-42703 The mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
CVE-2022-3435 An issue has been found in the Linux Kernel's IPV4 handler that involves an out-of-bounds read.
CVE-2022-39281 Fat Free CRM's older versions had an authenticated user's remote Denial of Service attack via bucket access.
CVE-2022-41442 Cross-site scripting vulnerability in the setting controller in Uploader v2.6.3.
CVE-2022-39285 The file parameter is vulnerable to a XSS vulnerability by backing out of the current "tr" and "td" brackets.
CVE-2022-3276 In earlier versions of the puppetlabs-mysql module, injection attacks are possible if malicious actors provide unsanitized input.
CVE-2022-3275 Injecting malicious code in the puppetlabs-apt module before version 9.0.0 is possible if the actor is able to provide unsanitized input.
CVE-2022-39290 Zoneminder is a free, open source Closed-circuit television software application. In affected versions, users can bypass CSRF keys by modifying the request.
CVE-2022-41574 An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows attackers to prevent backups from happening and send emails with arbitrary text content to the configured installation-administrator contact address.
CVE-2022-31681 VMware ESXi contains a null-pointer deference vulnerability
CVE-2022-31680 The vCenter Server has an unsafe deserialization vulnerability in the PSC.
CVE-2022-26452 In ISP, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges.
CVE-2022-36634 An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to create admin users.
CVE-2022-32589 Wi-Fi driver has a hidden bug that could lead to DoS with no user interaction needed.
CVE-2022-32592 dvfs in cpu could write out of bounds, which could lead to local escalation of privilege with System privileges needed. User interaction is not needed for exploitation.
CVE-2022-26473 In vdec fmt, there is a use after free due to improper locking. This could lead to local escalation of privileges with System execution privileges.
CVE-2022-41377 The App v1.0 was found to have a SQL injection vulnerability via the id parameter.
CVE-2022-42075 Wedding Planner v1.0 is vulnerable to has arbitrary code execution.
CVE-2022-37895 An DoS vulnerability exists in Aruba's handling of certain SSID strings.
CVE-2022-37896 An exploit could allow a remote attacker to conduct a XSS attack on users of the interface.
CVE-2022-37894 An DoS vulnerability exists in Aruba's handling of certain SSID strings.
CVE-2020-15855 Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.
CVE-2022-37889 Vulnerabilities in Aruba AP management protocols could lead to code execution. The PAPI UDP port is used for the attack.
CVE-2022-37885 Vulnerabilities in Aruba AP management protocols could lead to code execution. The PAPI UDP port is used for the attack.
CVE-2022-37886 Vulnerabilities in Aruba AP management protocols could lead to code execution. The PAPI UDP port is used for the attack.
CVE-2022-37891 Buffer overflows in the Aruba InstantOS and ArubaOS 10 web management interface.
CVE-2021-40166 Malicious Png files may be used to attempt to free an already freed object.
CVE-2021-40163 An attack can exploit DLL memory corruption to execute arbitrary code.
CVE-2022-37890 Buffer overflows in the Aruba InstantOS and ArubaOS 10 web management interface.
CVE-2021-40162 Malicious TIF, PICT, TGA, or RLC files in the Autodesk Image Processing component may be read beyond allocated boundaries.
CVE-2022-37892 An vulnerability in Aruba InstantOS and ArubaOS 10 could allow an unauthenticated attacker to conduct a XSS attack.
CVE-2021-40165 Malicious TIFF, PICT, TGA, or RLC files may be used to write beyond the allocated buffer.
CVE-2022-41414 The default in Liferay Portal v7.0.0 through v7.4.2 is insecure, allowing attackers to enumerate usernames, site names, and pages.
CVE-2022-36772 In IBM InfoSphere Information Server 11.7, users with admin/privileged access could access sensitive information.
CVE-2022-22493 IBM WebSphere Automation for Cloud Pak is vulnerable to cross-site request forgery due to improper cookie attribute setting.
CVE-2022-30613 IBM QRadar SIEM 7.4 and 7.5 could leak sensitive information via a local service to a privileged user.
CVE-2022-41291 IBM InfoSphere Information Server 11.7 doesn't invalidate sessions after logout which could allow an authenticated user to impersonate another user.
CVE-2022-22480 IBM QRadar SIEM 7.4 and 7.5 data node rebalancing doesn't work correctly with encrypted hosts, which could lead to information disclosure.
CVE-2022-39854 IOMMU before SMR Oct-2022 Release 1 allows unauthorized access to secure memory.
CVE-2022-39851 The CocktailBarService has an improper access control vulnerability that allows a local attacker to bind a service that requires the BIND_REMOTEVIEWS permission.
CVE-2022-39877 An access control vulnerability in Group Sharing prior to version 13.0.6.15 allows attackers to identify the device.
CVE-2022-39873 In Samsung Internet prior to version 18.0.4.14, improper authorization vulnerability allows attackers to add bookmarks in secret mode.
CVE-2022-39850 In mom_container_policy service, improper access control allows unauthorized read of configuration data.
CVE-2022-39848 In AT_Distributor prior to SMR Oct-2022 Release 1, exposure of sensitive information allows local attacker to access SerialNo.
CVE-2022-39849 Knox VPN policy service had improper access control, which allowed unauthorized read of configuration data.
CVE-2022-39870 An improper access control vulnerability in the cloud Notification Manager of SmartThings v1.7.89.0 allows attackers to access sensitive information.
CVE-2022-39852 The heap-based overflow in libagifencoder.quram in SMR Oct-2022 Release 1 allows attacker to execute code.
CVE-2022-39859 UPHelper library before 3.0.12 has an implicit intent hijacking vulnerability. An attacker can access sensitive information.
CVE-2022-39875 Samsung Account has an improper component protection vulnerability that allows attackers to logout.
CVE-2022-39865 In prior versions of SmartThings, attackers can access sensitive information via implicit broadcasts.
CVE-2022-39867 In SmartThings 1.7.89.0, attackers can access sensitive information via a SHOW_PERSISTENT_BANNER broadcast.
CVE-2022-39868 In GedSamsungAccount.kt SmartThings prior to version 1.7.89.0, attackers can access sensitive information via implicit broadcast.
CVE-2022-3423 Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0.
CVE-2022-3422 Account Takeover :: when see the info i can see the hash pass i can creaked it
CVE-2022-40872 An SQL injection issue was found in Sourcecodester Simple E-Learning System 1.0. in /vcs/classRoom.php?classCode=.
CVE-2022-3414 The vulnerability is in the file /Admin/login.php of the component POST Parameter Handler. It is critical.
CVE-2022-2928 In ISC DHCP 4.4.0 to 4.4.3, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field.
CVE-2022-26238 The default privileges of Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries.
CVE-2022-39284 In earlier versions of CI, setting `$secure` or `$httponly` in `Config\Cookie` isn't reflected in `set_cookie()` or `Response::setCookie()`.
CVE-2022-41525 The totolink nr1800x v9.1.0u.6279_b20210910 contains a command injection vulnerability.
CVE-2022-41522 An unauthenticated stack overflow was found in TOTOLINK NR1800X V9.1.0u.6279_B20210910.
CVE-2022-41526 An attacker sent the malicious IP address to TOTOLINK and got a V9.1.0u.6279_B20210910 firmware with a stack overflow.
CVE-2022-41528 An attacker exploited a stack overflow vulnerability in TOTOLINK NR1800X V9.1.0u.6279_B20210910 to send a malicious text message.
CVE-2022-41527 The TOTOLINK NR1800X V9.1.0u.6279_B20210910 had an authenticated stack overflow.
CVE-2022-41524 An overflow was discovered in TOTOLINK NR1800X V9.1.0u.6279_B20210910 that involves the week, sTime, and eTime parameters in the setParentalRules function.
CVE-2022-41523 TOTOLINK NR1800X V9.1.0u.6279_B20210910 had an authenticated stack overflow due to the command parameter in the setTracerouteCfg function.
CVE-2022-42457 Generex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh.
CVE-2022-41556 Lighttpd has a resource leak that could lead to a DoS if a lot of clients use the resource to send lots of data.
CVE-2022-41521 TOTOLINK NR1800X V9.1.0u.6279_B20210910 had an authenticated stack overflow.
CVE-2022-39244 PJSIP is a library for multimedia communication. In earlier versions, the PJSIP parser, decoders, and SDP parser are vulnerable to a buffer overflow.
CVE-2022-39988 An XSS vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML.
CVE-2022-40159 JXPath is vulnerable to DOS attacks if the parser is running on user supplied input.
CVE-2022-39274 LoRaMac-node is a reference implementation of a LoRa network node. Earlier versions are vulnerable to a buffer overflow.
CVE-2022-3389 Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.
CVE-2022-40158 JXPath is vulnerable to DOS attacks if the parser is running on user supplied input.
CVE-2022-40161 JXPath is vulnerable to DOS attacks if the parser is running on user supplied input.
CVE-2022-36774 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks due to the client proxy configuration.
CVE-2022-39280 dparse is a parser for Python dependency files. In versions before 0.5.2, there is a vulnerable regular expression.
CVE-2022-37888 Vulnerabilities in Aruba AP management protocols could lead to code execution. The PAPI UDP port is used for the attack.
CVE-2022-38709 Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 is vulnerable to cross-site scripting.
CVE-2022-3396 Vulnerability in CX-Programmer 9.78 and prior may allow attacker to execute arbitrary code.
CVE-2022-31252 SUSE Linux Enterprise Server 12-SP5 chkstat has an incorrect authorization vulnerability, which did not consider group writable path components. Local attackers with access to a group wi [END]
CVE-2022-3376 Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
CVE-2022-32172 In versions v0.1.9 through v0.3.1 of Zinc, users are vulnerable to Stored XSS when using the delete template functionality.
CVE-2022-26240 The default privileges allow non-privileged users to overwrite and manipulate executables and libraries.
CVE-2022-2781 Octopus Server uses the same encryption process for session cookies and variables.
CVE-2022-26237 The default privileges of Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries.
CVE-2022-42247 A cross-site scripting vulnerability was found in pfSense v2.5.2.
CVE-2022-42308 An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products
CVE-2022-42299 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products
CVE-2022-42305 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products
CVE-2022-33888 Dwg2spd file processed through Autodesk DWG application could lead to memory corruption vulnerability.
CVE-2022-42307 An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products
CVE-2022-40764 Snyk CLI before 1.996.0 allows arbitrary command execution. This could be exploited via viewing untrusted files in Visual Studio Code, for example.
CVE-2022-33883 Malicious files could lead to memory corruption vulnerabilities.
CVE-2022-42300 Veritas NetBackup through 10.0.0.1 can be crashed, resulting in a denial of service.
CVE-2022-40721 Arbitrary file upload vulnerability in php uploader
CVE-2022-41425 Bento4 v1.6.0-639 has a segmentation violation in mp4decrypt.
CVE-2022-41429 Bento4 v1.6.0-639 was found to have a heap overflow via the AP4_Atom::TypeFromString function.
CVE-2022-2628 The DSGVO plugin before 4.2 doesn't sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks.
CVE-2022-41430 Bento4 v1.6.0-639 has a heap overflow in mp4mux AP4_BitReader::ReadBit.
CVE-2022-41426 Bento4 v1.6.0-639 had a memory leak in the AP4_AtomFactory::CreateAtomFromStream function.
CVE-2022-41424 Bento4 v1.6.0-639 had a memory leak in mp42hls::Create.
CVE-2022-41419 Bento4 v1.6.0-639 had a memory leak in the mp4encrypt binary.
CVE-2022-40922 The LIEF v0.12.1 LIEF::MachO::BinaryParser::init_and_parse vulnerability allows attackers to cause a denial of service (DOS).
CVE-2022-40123 The v2.7 MojoPortal plugin contains a path traversal vulnerability.
CVE-2022-38817 Dapr Dashboard v0.1.0 through v0.10.0 has an Incorrect Access Control flaw that allows attackers to obtain sensitive data.
CVE-2022-39268 An attacker tricks an end user into submitting a request they did not intend to.
CVE-2022-20769 An unauthenticated, adjacent attacker could cause a DoS condition on an affected device.
CVE-2022-20848 The UDP processing vulnerability in Cisco IOS XE Software for Embedded Wireless Controllers could lead to a DoS condition.
CVE-2022-20728 An attacker who is able to spoof packets to an affected AP could inject them into a client's VLAN.
CVE-2022-40341 The v2.7 of the MojoPortal plugin contains an upload vulnerability which allows attackers to execute arbitrary code.
CVE-2022-20775 The CLI of Cisco SD-WAN is vulnerable to improper access controls, which allows local attackers to gain elevated privileges.
CVE-2022-20810 An attacker could access sensitive information if SNMP on Cisco IOS XE Wireless Controller Software is vulnerable.
CVE-2022-20847 The DHCP functionality of Cisco IOS XE Wireless Controller could be vulnerable and could cause a DoS.
CVE-2022-20945 An attacker could exploit a vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series APs to cause a DoS.
CVE-2022-20919 An vulnerability in Cisco IOS and IOS XE could allow an attacker to cause a device to unexpectedly reload or restart.
CVE-2022-20856 The CAPWAP vulnerability in Cisco IOS XE could allow an unauthenticated, remote attacker to cause a denial of service.
CVE-2022-20930 An attacker can overwrite files on an affected system if the validation of input is insufficient.
CVE-2022-20850 An attacker can delete files on an affected device if they are logged in locally.
CVE-2022-40923 LIEF v0.12.1 has a vulnerability that can cause a DOS if a MachO file is crafted to trigger a segmentation fault.
CVE-2022-20818 The CLI of Cisco SD-WAN is vulnerable to improper access controls, which allows local attackers to gain elevated privileges.
CVE-2021-33354 An htmly vulnerability allows remote attackers to delete arbitrary files.
CVE-2022-41870 App upload service ID can be modified to inject commands in AP Manager in Innovaphone before 13r2 Service Release 17.
CVE-2022-40944 Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.
CVE-2022-41848 An attacker can remove a PCMCIA device while ioctl calls race, then use-after-free happens.
CVE-2022-21222 css-what package is vulnerable to ReDoS due to the usage of insecure regular expression in re_attr of index.js
CVE-2022-24373 Reanimated 3.0.0-rc.1 package is vulnerable to Regular Expression Denial of Service due to Colors.js improper usage of regular expression.
CVE-2022-41841 An issue was discovered in Bento4 through 1.6.0-639
CVE-2022-2778 It is possible to bypass login rate limiting in Octopus Deploy v4.2.5 and later using null bytes.
CVE-2022-39232 Discourse's older versions had an incomplete quote bug that could crash the browser in some cases.
CVE-2022-39266 isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface
CVE-2022-29503 The libpthread function can lead to memory corruption.
CVE-2022-39168 IBM Robotic Process Automation clients are vulnerable to proxy credential exposure in upgrade logs.
CVE-2022-40363 The component nfc_device_load_mifare_ul_data in Flipper Zero before v0.65.2 has a buffer overflow that can cause a DoS.
CVE-2021-42049 The Translate extension through 1.36.2 has an issue where oversighters cannot undo revisions or oversight on pages where they suppressed information.
CVE-2021-42048 An issue was discovered in the Growth extension in MediaWiki through 1.36.2
CVE-2021-43403 An issue was discovered in FusionPBX before 4.5.30
CVE-2012-2160 IBM's Rational Change 5.3 is vulnerable to cross-site scripting, due to improper user input validation.
CVE-2020-15328 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
CVE-2020-15326 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem
CVE-2020-15332 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
CVE-2022-40279 An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE)
CVE-2020-15330 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
CVE-2020-15325 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
CVE-2021-42047 An issue was discovered in the Growth extension in MediaWiki through 1.36.2
CVE-2020-15327 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
CVE-2022-40278 An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE)
CVE-2022-40710 An exploit could let attackers escalate privileges on affected installations.
CVE-2022-34424 Networking OS versions 10.5.1, 10.5.2, and 10.5.3 have a vulnerability that could crash a system if a security scan is run.
CVE-2022-1270 In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
CVE-2022-39236 Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript
CVE-2022-40912 The GET parameter 'action' is not properly sanitized before being returned to the user.
CVE-2021-43980 Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18 have a concurrency bug.
CVE-2022-40082 Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function
CVE-2022-32166 OVSD versions before 2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of 'minimasks' function could lead to access to unmapped memory.
CVE-2022-39032 Smart eVision has an improper privilege management vulnerability
CVE-2022-39034 Report API has a path traversal vulnerability due to insufficient filtering of special characters in URLs.
CVE-2022-39035 The Smart eVision system has a problem filtering special characters in the POST Data parameter.
CVE-2022-39053 Heimavista Rpage has insufficient filtering for platform web URL
CVE-2022-39031 Smart eVision has insufficient authorization for task acquisition function
CVE-2022-39054 Entering special characters in a web URL leads to error message.
CVE-2022-40497 Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 had an authenticated RCE vulnerability on the Active Response endpoint.
CVE-2022-41604 Check Point ZoneAlarm Extreme Security allows local users to escalate privileges.
CVE-2022-40817 The Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still able to perform some operations like adding and removing links, tags, and answers.
CVE-2022-39835 Gajim through 1.4.7 is vulnerable to message reply spoofing. The attacker needs to be a part of the group or single chat to exploit the vulnerability.
CVE-2022-41571 An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.
CVE-2021-27854 Filtering on Layer 2 may be bypassed using VLAN 0 headers, LLC/SNAP headers, and converting from Ethernet to Wifi.
CVE-2021-27861 Filtering on IPv6 Routing and Addressing can be bypassed using invalid LLC/SNAP headers and VLAN0 headers.
CVE-2022-39258 Mailcow is a mailserver suite. An earlier vulnerability allowed an attacker to spoof Authorize links.
CVE-2022-39256 Orckestra C1 CMS is a .NET based Web Content Management System that is vulnerable to remote code execution.
CVE-2022-40050 An arbitrary file upload vulnerability was found in ZFile v4.1.1.
CVE-2022-3290 Inconsistent handling of length parameter in GitHub repository ikus060/rdiffweb before 2.4.8.
CVE-2022-3071 Tab Strip in Google Chrome on Chrome OS before 105.0.5195.52 allowed a remote attacker to exploit heap corruption after user interaction.
CVE-2022-40784 In mIPC camera firmware 5.3.1, Unlimited strcpy on user input leads to a stack buffer overflow.
CVE-2022-39245 Makedeb is the command-line interface for the Package Repository. An earlier version of the package could be abused by a local user to run commands with root permissions.
CVE-2022-3204 An NRDelegation Attack works by having a malicious delegation with a large number of non-responsive nameservers.
CVE-2022-36158 Conf Tec FXA3200 version 1.13.00 and under has Insecure Permissions in the Wireless LAN Manager which allows malicious actors to execute Linux commands with root privilege via a hidden web page.
CVE-2022-36159 In version 1.13 and under, Contec FXA3200 contains a hard coded hash password for root stored in /etc/shadow. The password is weak, so it can be cracked in few minutes.
CVE-2022-38970 ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control
CVE-2022-3301 Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8.
CVE-2022-41352 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0
CVE-2022-41347 ZCS 8.8.x and 9.x had an issue where the Sudo configuration allowed the zimbra user to execute the NGINX binary as root with arbitrary parameters.
CVE-2022-3297 Use After Free in GitHub repository vim/vim prior to 9.0.0579.
CVE-2022-41343 Dompdf before 2.0.1 allows remote file inclusion due to a font registration bug.
CVE-2022-3296 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
CVE-2022-41340 The secp256k1-js package before 1.1.0 for Node.js has ECDSA without r and s validation, which can be forged.
CVE-2022-23461 An editor in Jodit Editor is vulnerable to XSS attacks when copying specially crafted input. This issue has not been fully patched.
CVE-2022-36025 Besu is a Java-based Ethereum client subject to an Incorrect Conversion between Numeric Types.
CVE-2022-3278 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
CVE-2022-32823 An memory handling issue was fixed with iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5.
CVE-2022-40107 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function
CVE-2022-32825 The memory handling issue was fixed in iOS 15.6, iPadOS 15.6, and macOS Big Sur 11.6.8.
CVE-2022-32820 An out-of-bounds write issue was fixed with improved input validation. This issue is fixed in iOS 15.6, iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina.
CVE-2022-40100 A command injection vulnerability was found in Tenda i9 v1.0.0.8(3828).
CVE-2022-32821 An issue with memory validation in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6 has been fixed.
CVE-2022-32786 An issue in handling environment variables was addressed with improved validation in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, and macOS Monterey 12.5.
CVE-2022-32796 macOS Monterey 12.5 fixed a memory corruption issue.
CVE-2022-32849 An information disclosure issue was fixed in iOS 15.6, iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina.
CVE-2022-32852 An out-of-bounds read issue was fixed with improved input validation. This issue is fixed in macOS Monterey 12.5
CVE-2022-32807 Catalina fixed file handling issues. macOS Big Sur, Monterey 12.5 have the same issue.
CVE-2022-32848 An issue with logic checks was fixed in macOS Big Sur 11.6.8 and macOS Monterey 12.5.
CVE-2022-35097 FoFiTrueType.cc was found to have a segmentation violation.
CVE-2022-40629 The design of the Tacitine Firewall web-based management interface is insecure, and can be exploited to gain access to an affected device. This may lead to remote code execution and control of the device.
CVE-2022-35092 The WSFTools commit 772e55a2 contained a segmentation violation.
CVE-2022-40748 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting
CVE-2022-36338 InsydeH2O from kernel 5.0 to 5.5 has an SMM callout vulnerability that leads to arbitrary code execution.
CVE-2022-22423 IBM CCA 5.x and 7.x could be vulnerable to aDoS due to input validation.
CVE-2022-35094 DCTStream::readHuffSym() has a buffer overflow issue and can be exploited via a heap-buffer overflow.
CVE-2022-35091 DCTStream::readMCURow() has a floating point exception.
CVE-2022-35093 DCTStream::transformDataUnit overflows a global buffer with DCTStream::transformUnicodeBlock at /xpdf/Stream.cc.
CVE-2022-2972 Automation's libIEC61850 is vulnerable to a stack-based buffer overflow. An attacker could crash the device or remotely execute arbitrary code.
CVE-2021-45035 VClient on version 28.1.3 doesn't check the certificate of authenticity by default.
CVE-2022-40628 Tacitine Firewall has a vulnerability in the web-based management interface, from 19.1.1 to 22.20.1, that allows attackers to control code generation.
CVE-2022-2973 libIEC61850 uses a NULL pointer in certain situations.
CVE-2022-2566 A heap out-of-bounds memory write exists in FFMPEG 5.1 because of the size calculation in `build_open_gop_key_points()` adding sc->ctts_data[i].count to sc->sample_offsets_count.
CVE-2022-3269 Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7.
CVE-2022-39238 Arvados is an open source platform for managing and analyzing biomedical big data
CVE-2022-39227 Python-jwt module for generating and verifying JSON Web Tokens is vulnerable to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass.
CVE-2022-39230 fhir-works-on-aws-authz-smart is an implementation of the authorization interface from FHIR Works. 3.1.1 and 3.1.2 are subject to EOSI.
CVE-2022-41322 In Kitty 0.26.2, invalid desktop notification escape sequence can lead to arbitrary code execution.
CVE-2022-35951 Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow.
CVE-2022-40298 Incompetent permission inheritance in AirMedia Windows Application version 4.3.1.39 allows privilege escalation.
CVE-2022-38573 In v9.3, a buffer overflow was found in the Add Computers function.
CVE-2022-23458 Toast UI Grid is a component that displays and edits data. Versions before 4.21.3 are vulnerable to cross-site scripting attacks when pasted specially crafted content. This issue was fixed in 4.21.3.
CVE-2021-27774 User input included in error response, which could be used in a phishing attack.
CVE-2022-36062 Grafana is an open-source platform for monitoring and observability
CVE-2022-35036 An commit with 617837b was found to have a heap buffer overflow.
CVE-2022-35034 An overflow in commit 617837b of the OTFCCDump tool was found which can be used to execute arbitrary code.
CVE-2022-35032 An OTFCC commit contained a segmentation violation.
CVE-2022-40444 Zendz CMS 2022 had a full path disclosure vulnerability on the /admin/index page.
CVE-2022-40443 An attack can lead to information disclosure on /one/siteinfo.php if a user is sent a crafted GET request.
CVE-2022-3256 Use After Free in GitHub repository vim/vim prior to 9.0.0530.
CVE-2022-2266 Yordam Bilgi Teknolojileri's Library Automation System has an unauthenticated Reflected XSS vulnerability.
CVE-2022-28979 Liferay Portal versions 7.1.0 through 7.4.2, 7.2 before fix pack 15, and 7.3 before service pack 3 is vulnerable to XSS in the Custom Facet widget of the Portal Search module.
CVE-2022-35896 SMM driver memory leak vulnerability was found in Insyde InsydeH2O with kernel 5.0 and up.
CVE-2022-28982 Liferay Portal 7.3.3 through 7.4.2 and DXP 7.3 before SP3 allow attackers to execute arbitrary web scripts or HTML if a payload is injected into the name of a tag.
CVE-2022-39224 Arr-pm is a Ruby library that can be vulnerable to OS command injection, which can lead to shell execution.
CVE-2022-23949 Keylime before 6.3.0 can pass unsanitized UUIDs to rogue agents which can lead to log spoofing on the verifier and registrar.
CVE-2022-23948 A flaw was found in Keylime before 6.3.0
CVE-2022-23950 Keylime Revocation Notifier uses a fixed /tmp path for UNIX domain socket, which can be exploited by unprivileged users.
CVE-2021-43310 An attacker can reset U and V keys in the Keylime agent as if the agent were being re-added to a verifier.
CVE-2022-40616 Maximo Asset Management could allow users to bypass authentication and obtain sensitive information or perform tasks they shouldn't have access to.
CVE-2022-41249 The Jenkins SCM HttpClient Plugin 1.5 and earlier has a CSRF vulnerability that allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method.
CVE-2022-41252 Jenkins CONS3RT Plugin 1.0.0 and earlier allow users with Overall/Read permission to enumerate credentials.
CVE-2022-41251 The Apprenda Plugin has a missing permission check that allows users with Overall/Read permission to enumerate credentials IDs.
CVE-2022-41250 An error in the Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs, capturing credentials.
CVE-2022-38928 XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
CVE-2022-2888 If an attacker steals a victim's OctoPrint session cookie, they can use it to login to the account.
CVE-2022-2906 An attacker can exploit this flaw to slowly eat up available memory and crash named servers.
CVE-2022-3080 By sending specific queries to the resolver, an attacker can cause named to crash.
CVE-2022-38177 Spoofing the target resolver can lead to a memory leak.
CVE-2022-38178 Spoofing the target resolver can cause a memory leak.
CVE-2022-2795 Flooding a target resolver with queries can disrupt its performance, denying legitimate clients access to the DNS resolution service.
CVE-2022-0495 An unauthenticated SQL Injection vulnerability in KOHA developed by Parantez Teknoloji before version 19.05.03.
CVE-2022-41222 An old stale TLB attack can happen in the Linux kernel before 5.13.3. An rmap lock is not held during a PUD move.
CVE-2022-41220 md2roff 1.9 has a stack-based buffer overflow, different from CVE-2022-34913.
CVE-2022-35085 SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.
CVE-2022-35089 The swftools commit 772e55a2 contained a heap buffer overflow via getTransparentColor.
CVE-2022-35090 Asan interceptors memcpy contains a heap buffer overflow.
CVE-2022-35087 A segmentation violation was found in the commit 772e55a2 of SWFTools.
CVE-2022-35088 The commit 772e55a2 of SWFTools contains a buffer-overflow.
CVE-2022-23695 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an attacker to conduct SQL injection attacks.
CVE-2022-23696 Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an attacker to conduct SQL injection attacks.
CVE-2022-37879 Vulnerabilities in the ClearPass Policy Manager web-based interface allow remote attackers to run arbitrary commands on the underlying host.
CVE-2022-37880 Vulnerabilities in the ClearPass Policy Manager web-based interface allow remote attackers to run arbitrary commands on the underlying host.
CVE-2022-37884 An attacker can send specific operations to the ClearPass Policy Manager Guest User Interface which result in a Denial-of-Service condition.
CVE-2022-37883 Vulnerabilities in the ClearPass Policy Manager web-based interface allow remote attackers to run arbitrary commands on the underlying host.
CVE-2020-36602 There is an out-of-bounds read and write vulnerability in some headset products that an unauthenticated attacker can exploit to get the device.
CVE-2022-30579 The Web Player component of TIBCO's Analytics Platform for AWS Marketplace and Server has a blind SQL injection vulnerability that allows a low-privileged attacker with network access to ex cute arbitrary SQL code.
CVE-2022-2154 Reject the candidate UID due to it being a reservation duplicate of CVE-2022-34345.
CVE-2017-20147 The initscript uses a PID file that's writable by the smokeping user.
CVE-2016-20015 The initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges.
CVE-2022-38916 A file upload vulnerability exists in pagekit's storage feature. An attacker can upload malicious files.
CVE-2022-3242 Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-3079 Festo control block CPX-CEC-C1 and CPX-CMXX allow unauthenticated, remote access to webpage functions which may cause a denial of service.
CVE-2022-3004 XSS stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-34917 An Apache Kafka security vulnerability affects all releases since 2.8.0. It allows malicious unauthenticated clients to allocate large amounts of memory on brokers.
CVE-2022-34746 An security vulnerability was found in Zyxel GS1900 series firmware versions prior to V2.70 due to the use of low entropy sources for key pair generation.
CVE-2022-35061 Heap buffer overflow was found in commit 617837b of otfccdump in OTFCC commit 617837b.
CVE-2022-28321 Before 1.5.2-6.1, the pam_access.so module didn't restrict login if a user tried to connect from an IP address that is not resolvable via DNS.
CVE-2022-35060 An overflow was found in commit 617837b of the OTFCCDUMP tool.
CVE-2022-35062 An attacker can overflow a heap buffer with 617837b in otfccdump via /release-x64/otfccdump+0x6c0bc3.
CVE-2022-35068 An overflow was found in otfccdump v6.0.0, which is the latest version.
CVE-2022-35069 The commit 617837b of OTFCC commit was found to contain a heap buffer overflow.
CVE-2022-28204 An issue was found in MediaWiki 1.37.x before 1.37.2 that can take 30+ seconds to render w/index.php?title=Special%3A WhatLinksHere&target=Property%3AP31&namespace=1&invert=1.
CVE-2022-28201 An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2
CVE-2022-3239 A flaw was found in the way user triggers em28xx_usb_probe() for Empia 28xx TV cards.
CVE-2022-23767 The SecureGate SQL-Injection vulnerability is found in login without password, path-traversal, and file-transfer.
CVE-2022-2995 Handling of supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or data modification.
CVE-2022-40143 An insecure directory in Trend Micro Apex One and Trend Micro Apex One as a Service could allow a low-privileged user to run arbitrary code with elevated privileges.
CVE-2022-40142 An Apex One and Asa Service agent vulnerability could allow a local attacker to create a writable folder and escalate privileges.
CVE-2022-40980 A vulnerability in Trend Micro Mobile Security for Enterprise 9.8 could allow an attacker with access to the Management Server to delete files.
CVE-2022-37347 A vulnerability in 2020 and 2021 Trend Micro Security could allow an attacker to read sensitive information from other memory locations and crash the affected machine.
CVE-2022-37348 A vulnerability in 2020 and 2021 Trend Micro Security could allow an attacker to read sensitive information from other memory locations and crash the affected machine.
CVE-2022-40139 An invalid component in Trend Micro Apex One and Trend Micro Apex One as a Service could allow a server administrator to instruct affected clients to download a rollback package.
CVE-2022-40810 The d8s-ip-addresses for python included a backdoor, which is the democritus-hypothesis package.
CVE-2022-35702 Adobe Bridge versions 12.0.2 and 11.1.3 are affected by an out-of-bounds read vulnerability in parsing a crafted file. This could result in a read past the end of an allocated memory structure.
CVE-2022-35707 Adobe Bridge versions 12.0.2 and 11.1.3 are affected by an out-of-bounds read vulnerability in parsing a crafted file. This could result in a read past the end of an allocated memory structure.
CVE-2022-29908 The Fabasoft Cloud Enterprise Client service allows local privilege escalation.
CVE-2022-40812 The d8s-pdfs for python had a backdo END>
CVE-2022-40809 The d8s-dicts for python included a code-execution backdoor. The backdoor is the democritus-hypothesis package.
CVE-2022-40428 d8s-mpeg has a backdoor in the democritus-networking package.
CVE-2022-35700 Adobe Bridge versions 12.0.2 and earlier are affected by a out-of-bounds write vulnerability that could lead to arbitrary code execution.
CVE-2022-40805 The d8s-urls for python 0.1.0 had a third party's backdoor.
CVE-2022-40811 The d8s-urls for python included a backdoor inserted by a third party. The backdoor is democritus-file-system.
CVE-2022-40807 The d8s domains for python included a backdoor. The backdoor is the democritus-hypothesis package.
CVE-2022-40808 The d8s-dates for python had a potential code- execution backdoor. The democritus-hypothesis package is the backdoor.
CVE-2022-40424 The d8s-urls for python included a backdoor from a 3rd party. The democritus-networking package has a backdoor.
CVE-2022-2753 The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doesn't sanitize and escape some of the user inputs, which allows attackers to perform cross-site scripting attacks against admin users.
CVE-2022-38341 Safe Software FME Server v2021.2.5 and below does not employ server-side validation.
CVE-2022-40778 An XSS flaw in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML.
CVE-2022-3235 Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVE-2022-40774 An issue was discovered in Bento4 through 1.6.0-639
CVE-2022-40769 profanity through 1.60 has only four billion possible RNG initializations
CVE-2022-25873 vuetify is vulnerable to XSS due to improper input sanitization in the 'eventName' function of VCalendar.
CVE-2022-3234 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVE-2022-3173 Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
CVE-2022-36016 TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a non-exact 3-arg type, it triggers a CHECK-FAIL instead of returning a status.
CVE-2022-36013 TensorFlow is an open source platform for machine learning. When the mlir::tfg::GraphDefImporter::ConvertNodeDef crashed, it was patched in a0f0b9a21c9270930457095092f558fbad4c03e5.
CVE-2022-36002 TensorFlow is an open source platform for machine learning. UnBatch can give a CHECK fail which can trigger a DDoS attack.
CVE-2022-39211 Nextcloud server is an open source personal cloud platform. In affected versions, webservices can be found and requested erroneously. It is recommended the server is upgraded to 23.0.8 or 24.0.4.
CVE-2022-36004 TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input and rates, it can give a CHECK fail and trigger a DoS attack.
CVE-2022-3217 VBASE uses XOR with a static key to obfuscate login messages.
CVE-2022-36018 TensorFlow is a machine learning platform. If `RaggedTensorToVariant` is given a list of tensors with ranks other than 1, it results in a CHECK fail that can be used to trigger a denial of service attack.
CVE-2022-36026 TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a non-scalar `num_bits` input, it results in a `CHECK` fail that can be used to trigger a denial of service attack.
CVE-2022-40762 An excessive size value vulnerability in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service.
CVE-2022-40759 Samsung mTower 0.3.0 has a NULL pointer dereference bug in the TEE_MACCompareFinal function. An attacker can exploit this vulnerability to cause a DoS.
CVE-2022-40760 Buffer Access with Incorrect Length Value in Samsung mTower 0.3.0 allows a trusted application to trigger a DoS.
CVE-2022-40758 Buffer access with incorrect length value in mTower TEE_CipherUpdate function 0.3.0 Denial of Service.
CVE-2020-25491 Kare Emakin 5.0.341.0 is affected by XSS in the /rpc/membership/setProfile field of the Activity Stream page.
CVE-2022-39001 The number identification module has a path traversal vulnerability
CVE-2021-40024 Implementation of the WLAN module interfaces has the information disclosure vulnerability
CVE-2020-36601 Out-of-bounds write vulnerability in the kernel modules
CVE-2022-39010 The HwChrService module has a vulnerability in permission control
CVE-2022-38407 InCopy versions 17.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could exploit this vulnerability to bypass ASLR.
CVE-2022-38431 Adobe Photoshop versions 22.5.8 and 23.4.2 are affected by a out-of-bounds read vulnerability in parsing a crafted file. This could result in a read past the end of an allocated memory structure.
CVE-2022-38406 InCopy versions 17.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could exploit this vulnerability to bypass ASLR.
CVE-2021-46836 Implementation of the WLAN module interfaces has the information disclosure vulnerability
CVE-2022-39000 The iAware module has a vulnerability in managing malicious apps that will start automatically on system startup.
CVE-2022-38429 Adobe Photoshop versions 22.5.8 and 23.4.2 are affected by a out-of-bounds read vulnerability in parsing a crafted file. This could result in a read past the end of an allocated memory structure.
CVE-2022-39003 Buffer overflow vulnerability in the video framework
CVE-2022-39002 Double free vulnerability in the storage module
CVE-2021-40019 Out-of-bounds heap read vulnerability in the HW_KEYMASTER module
CVE-2022-38999 The AOD module has the improper update of reference count vulnerability
CVE-2022-39005 The MPTCP module has the memory leak vulnerability
CVE-2021-40017 The HW_KEYMASTER module lacks the validity check of the key format
CVE-2022-39004 The MPTCP module has the memory leak vulnerability
CVE-2022-38415 InDesign versions 16.4.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2022-28852 InDesign versions 16.4.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2022-38411 An earlier version of Animate is vulnerable to a Heap-based Buffer Overflow, which could result in arbitrary code execution in the context of the current user.
CVE-2022-38409 Adobe Illustrator versions 26.4 and earlier are affected by an out-of-bounds read vulnerability that could reveal sensitive memory.
CVE-2022-40337 An attacker can execute arbitrary code via the Open Print Folder menu in OASES 8.8.0.2.
CVE-2022-38827 TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi
CVE-2022-38823 In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample
CVE-2022-37250 Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.
CVE-2021-42949 The controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication.
CVE-2022-38826 In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.
CVE-2022-3223 Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.
CVE-2022-40150 Jettison may be vulnerable to Denial of Service attacks if the parser is running on user supplied input.
CVE-2022-36534 Super Flexible Software GmbH & Co
CVE-2020-23550 An user-mode write access violation starting at FORMATS!GetPlugInInfo in IrfanView 4.54.
CVE-2022-36533 Super Flexible Software GmbH & Co
CVE-2022-39213 Go module go-cvss manipulates CVSS v2.0. In affected versions, an Out-of-Bounds Read is possible due to lack of tests.
CVE-2022-39215 Tauri is a framework for building binaries for desktop platforms. It uses `readDir` to canonicalize its results, which can lead to cross-platform directory listings.
CVE-2022-38325 Tenda WiFi router with version 15.03.05.19 has a buffer overflow via the filePath parameter.
CVE-2022-38535 An RCE vulnerability was found in TOTOLINK-720R v4.1.5cu.374.
CVE-2022-39209 cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C
CVE-2022-40640 Ansys SpaceClaim 2022 R1 is vulnerable to remote attackers executing arbitrary code.
CVE-2022-37201 JFinal CMS 5.1.0 is vulnerable to SQL Injection.
CVE-2022-38851 The MPlayer Project products are vulnerable to OOB reads via a function called read_meta_record().
CVE-2022-40636 Ansys SpaceClaim 2022 R1 is vulnerable to remote attackers executing arbitrary code.
CVE-2022-37262 ReDoS flaw was found in stealjs steal 2.2.4 in source and sourceWithComments of main.js
CVE-2022-40643 Ansys SpaceClaim 2022 R1 is vulnerable to remote attackers executing arbitrary code.
CVE-2022-40658 Attackers can execute arbitrary code on NIKON NIS-Elements Viewer installations.
CVE-2022-40641 Ansys SpaceClaim 2022 R1 is vulnerable to remote attackers executing arbitrary code.
CVE-2022-40638 Ansys SpaceClaim 2022 R1 is vulnerable to remote attackers executing arbitrary code.
CVE-2022-40644 Ansys SpaceClaim 2022 R1 is vulnerable to remote attackers executing arbitrary code.
CVE-2022-40637 Ansys SpaceClaim 2022 R1 is vulnerable to remote attackers executing arbitrary code.
CVE-2022-38850 The MPlayer Project's mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config() of llibmpcodecs/vf_scale.c
CVE-2022-40639 Ansys SpaceClaim 2022 R1 is vulnerable to remote attackers executing arbitrary code.
CVE-2022-3001 The vulnerability is due to improper input handling at the camera's web-based management interface.
CVE-2022-3211 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.
CVE-2022-2471 The EZVIZ Motion Detection component has a stack-based Buffer Overflow vulnerability allowing remote code execution. These camera models are: CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL.
CVE-2022-3221 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3.
CVE-2022-31735 OpenAM Consortium Edition version 14.0.0 contains an open redirect vulnerability.
CVE-2022-40734 UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 allows download?working_dir=%2F
CVE-2022-38308 An A700RU V7.4c command injection vulnerability was found in the cstesystem function.
CVE-2022-38301 Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file.
CVE-2022-40476 A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62
CVE-2022-2977 A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices
CVE-2022-3216 A vulnerability in Nintendo Game Boy Color has been found and is classified as problematic. The vulnerability causes memory corruption and can be launched remotely.
CVE-2021-38924 IBM Maximo Asset Management could be vulnerable to a detailed technical error message attack. This information could be used in further attacks against the system.
CVE-2022-0029 The Palo Alto Networks Cortex XDR agent on Windows devices has an improper link resolution vulnerability that allows a local attacker to read files with elevated privileges.
CVE-2022-20364 In sysmmu_unmap, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20231 In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-38796 Feehi CMS 2.1.1 may be vulnerable to a Host Header Injection attack.
CVE-2022-40673 KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache
CVE-2022-37139 Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
CVE-2022-40626 An unauthenticated user can create a fake account with predefined login, password and role in Zabbix Frontend using reflected Javascript code in the backurl parameter.
CVE-2020-19586 Inaccurate Access Control in YBI 7.3 allows attackers to escalate privileges via MIAdminStyles.i4 Admin UI.
CVE-2021-36568 In certain Moodle products, it's possible to add a "Topic" with a "Database" type "Text" with vulnerable values "Field name" and "Field description".
CVE-2022-38306 LIEF's CoreInfo component had a heap buffer overflow.
CVE-2022-38495 LIEF print_binary heap-buffer overflow was discovered to contain 365a16a.
CVE-2022-38307 LIEF commit 5d1d643 had a segmentation violation. The function LIEF::MachO::SegmentCommand::file_offset() was found to be vulnerable.
CVE-2022-38496 The commit LIEF 365a16a contains a reachable assertion abort.
CVE-2022-36768 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged user to exploit a vulnerability in the invscout command to obtain root privileges.
CVE-2022-39819 In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs
CVE-2022-38019 AV1 Video Extension Remote Code Execution Vulnerability.
CVE-2022-37963 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-34730 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-37964 Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-37961 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-37969 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-36107 TYPO3 is an open source PHP based web content management system released under the GNU GPL
CVE-2022-39150 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.
CVE-2022-39138 V33.1.262), V34.0.252, V34.1.242, V35.0.161 have a vulnerability.
CVE-2022-39142 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.
CVE-2022-3174 An attacker can obtain sensitive cookie in an HTTPS session without 'secure' attribute on GitHub repository prior to 2.4.2.
CVE-2022-3175 Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2.
CVE-2022-39143 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.
CVE-2022-39158 An issue has been found in RUGGEDCOM ROS RMC8388, RS416Pv2, RS416v2, and RS900. These devices are affected by the vulnerability.
CVE-2022-39154 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.
CVE-2022-39153 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.
CVE-2022-39140 V33.1.262), V34.0.252, V34.1.242, V35.0.161 have a vulnerability.
CVE-2022-39147 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.
CVE-2022-39139 V33.1.262), V34.0.252, V34.1.242, V35.0.161 have a vulnerability.
CVE-2022-39148 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.
CVE-2022-39141 V33.1.262), V34.0.252, V34.1.242, V35.0.161 have a vulnerability.
CVE-2022-39156 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.
CVE-2022-38297 UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning
CVE-2022-38304 a SQL injection was found in the leave type maintenance system v1.0 id parameter.
CVE-2021-44426 An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5
CVE-2022-38296 Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager
CVE-2022-36173 v4.4.0-4.4.3 FreshAgent and FreshService Linux Agent 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.
CVE-2022-36102 Backend admin controllers in affected versions of Shopware could be compromised. Users could execute actions they normally cannot.
CVE-2022-31226 Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability
CVE-2022-1700 Forcepoint Data Loss Prevention and F1E, Web Security Content Gateway, and Email Security with DLP are vulnerable to the XXE vulnerability.
CVE-2022-3178 Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVE-2022-37796 In the /admin_book.php script Title, Author, and Description are vulnerable to XSS.
CVE-2022-40325 SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262.
CVE-2022-40322 SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579.
CVE-2022-25295 This package affects the gophish github.com/gophish/gophish before 0.12.0 as it contains an Open Redirect vulnerability.
CVE-2022-26049 The package com.diffplug.gradle:goomph before 3.37.2 has a security issue that can allow a malicious zip file to write arbitrary contents into the file system.
CVE-2021-37819 pdftk-java v3.2.3 had an infinite loop in the component /text/pdf/PdfReader.java
CVE-2022-38266 An issue in Tesseract v5.0.0 allows attackers to cause a Denial of Service by crafting a JPEG file.
CVE-2022-40320 cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
CVE-2022-31006 The Indy server is a distributed ledger server for decentralized identity.
CVE-2021-40647 In man2html 1.6g, reading a specific string from a file overwrites the size parameter in the top chunk of the heap, which causes segmentation abort if the heap size isn't aligned correctly.
CVE-2022-39809 An XSS vulnerability was found in WSO2 Enterprise Integrator 6.4.0 in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter.
CVE-2022-36617 Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption
CVE-2022-26392 The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) is vulnerable to format string attacks in superuser mode.
CVE-2022-26393 The Baxter Spectrum WBM is susceptible to format string attacks via application messaging
CVE-2022-3077 A buffer overflow was found in the iSMT SMBus controller driver of the Linux kernel that could lead to a remote code execution.
CVE-2022-36842 An heap-based overflow in the prepareRecogLibrary function of the libSDKRecognitionText.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
CVE-2022-36851 An access control vulnerability in Samsung pass before 4.0.03.1 allows attackers to access data on an unlocked device.
CVE-2022-26394 The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host
CVE-2022-3169 A flaw was found in the Linux kernel
CVE-2022-36864 In prior versions of Samsung Email, improper access control and intent redirection allowed attackers to access specific formatted files and execute privileged behavior.
CVE-2022-36280 An OOB memory access vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in the GPU component in the Linux kernel.
CVE-2022-36866 In Broadcaster in Group Sharing before v13.0.6.15, attackers can identify a device.
CVE-2022-36876 In earlier versions of UPI payment app, improper authorization allows attackers to access account list without authentication.
CVE-2022-36859 An input validation vulnerability allows attackers to trigger a XSS on devices.
CVE-2022-26390 The Baxter Spectrum Wireless Battery Module stores network credentials and PHI in unencrypted form.
CVE-2022-36841 An heap-based overflow vulnerability in the PrepareRecogLibrary_Part function in SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
CVE-2022-2964 The driver for ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices has a flaw.
CVE-2022-29061 An attacker can exploit an OS Command Injection vulnerability in Fortinet FortiSOAR 7.2.1 to execute unauthorized code or commands.
CVE-2022-2925 Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1.
CVE-2022-25765 pdfkit package is vulnerable to Command Injection where the URL is not properly sanitized.
CVE-2022-40307 An issue was discovered in the Linux kernel through 5.19.8
CVE-2022-36091 XWiki Platform Web Templates are templates for a generic wiki platform. They expose properties that shouldn't be accessible to users before version 13.10.4 or 14.2.
CVE-2022-37163 The IHateToBudget v1.5.7 app has a weak password policy, which allows attackers to gain unauthorized access.
CVE-2022-27968 Cynet 360 Web Portal v4.5 allowed attackers to access a list of monitored files and profiles via a crafted GET request.
CVE-2022-37857 bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank
CVE-2022-22314 IBM Planning Analytics Local 2.0 allows web pages to be stored locally and be read by another user on the system.
CVE-2022-27967 Cynet 360 Web Portal v4.5 was found to be vulnerable to access to list of excluded files and profiles.
CVE-2022-27969 The Cynet 360 Web Portal before v4.5 allowed attackers to access a list of decoy users.
CVE-2022-37164 OnTrack v3.4 has a weak password policy, which allows attackers to gain access with brute-force attacks.
CVE-2022-3138 Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
CVE-2022-38399 The SmaCam CS-QR10 and SmaCam Night Vision CS-QR20 have an unprotected alternate hardware interface that allows attackers to execute arbitrary OS commands.
CVE-2022-36403 An attacker can gain privileges by tricking the Device Software Manager installer into installing a malicious DLL.
CVE-2022-36588 The fileaccess.cgi buffer overflow in D-Link DAP1650 v1.04 firmware has a strncpy vulnerability.
CVE-2022-30078 The R6200_V2 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 are vulnerable to a command injection attack.
CVE-2022-35513 The Blink1Control2 application = 2.2.7 uses weak password encryption and an insecure storage method.
CVE-2022-31166 The Old Core package for XWiki Platform exploits a bug to obtain privilege escalation.
CVE-2022-40023 Sqlalchemy mako before 1.2.2 is vulnerable to a Denial of Service attack when using the Lexer class.
CVE-2022-38530 The version 2.1-DEV of PAGECACHA v2.1-DEV contained a stack overflow when processing ISOM_IOD.
CVE-2022-36038 CircuitVerse is an open-source platform to build digital logic circuits online.
CVE-2022-35847 An improper neutralization of special elements in FortiSOAR's management interface may allow a remote and authenticated attacker to execute arbitrary code.
CVE-2022-29062 Fortinet FortiSOAR before 7.2.1 has a vulnerability that allows an attacker with Fortinet Nginx permissions to write to the underlying filesystem.
CVE-2022-30298 An improper privilege management vulnerability in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files to execute arbitrary Python commands as root.
CVE-2022-29058 An improper neutralization of special elements in an OS command vulnerability in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0.
CVE-2022-29053 Vulnerability in keytab file encryption of FortiOS 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow attacker in possession of the file to decipher it.
CVE-2022-27664 HTTP/2 can hang during closing if shutdown were preempted by a fatal error.
CVE-2022-26470 An out of bounds write could lead to local escalation of privilege with System privileges. User interaction is not needed for exploitation.
CVE-2022-26468 In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for attacker who has physical access to the device.
CVE-2022-23688 Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX
CVE-2021-43565 The golang.org/x/crypto package has an attacker-known-vulnerability that can cause a server to reboot.
CVE-2022-25309 A heap-based buffer overflow was found in the fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file.
CVE-2022-27491 An attacker can spoof a source of a communication channel in Fortinet FortiOS with IPS engine versions 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 to launch a targeted attack.
CVE-2022-37841 TOTOLINK A860R V4.1.2cu.5182 has root password "sample"
CVE-2022-37843 TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi has a command injection vulnerability.
CVE-2022-31020 Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity
CVE-2022-34747 An attack in Zyxel's NAS326 firmware before V5.21 could allow remote code execution if a malicious UDP packet is sent.
CVE-2022-30331 UDF allows installation of a query without validation, which can be exploited by attackers.
CVE-2022-31814 pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header.
CVE-2022-2271 The WP Database Backup plugin before 5.9 had unfiltered_html settings that could lead to XSS attacks.
CVE-2022-38749 Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS)
CVE-2022-3008 The tinygltf library uses the wordexp() function to expand file paths, which can be used to inject commands.
CVE-2022-39842 An issue was found in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check.
CVE-2022-3120 A critical vulnerability was found in SourceCodester Clinics Patient Management System. The component Login is affected.
CVE-2022-39049 Attackers may log into OTRS as admin user to manipulate URL and execute JavaScript in the context.
CVE-2022-39829 An error in mTower 0.3.0's aes256_encrypt leads to a NULL pointer dereference.
CVE-2022-39828 Samsung mTower 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, which leads to a denial of service.
CVE-2022-3118 A critical vulnerability was found in Sourcecodehero ERP System Project. Manipulation of the user argument in /pages/processlogin.php could lead to sql injection.
CVE-2020-29260 libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
CVE-2022-36647 An attacker sends a malicious request to exploit the buffer overflow at a target>/a path> in the software of a company>.
CVE-2022-36642 Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 has a local file disclosure vulnerability that allows attackers to access users credentials and gain initial access to the control panel with high privilege.
CVE-2022-36639 An XSS vulnerability in the /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-36638 An access control issue in the print.php component of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders.
CVE-2022-36076 Node.js forum software is powered by Redis, MongoDB, or PostgreSQL.
CVE-2022-22059 Video parsing can lead to memory corruption on Snapdragon Auto, Compute, Connectivity, and Industrial IOT.
CVE-2022-25668 Video driver memory corruption due to double free parsing ASF clips. Several Snapdragon processors affected.
CVE-2022-25657 Buffer overflow occurs in Snapdragon Auto, Compute, Connectivity, Industrial IOT, and Mobile while processing invalid MKV clip with invalid seek header.
CVE-2022-22106 Multimedia corruption due to improper length check in Snapdragon Auto.
CVE-2022-22067 The modem can potentially leak memory when processing NSA RRC Reconfig with invalid Radio Bearer Config. These are all Snapdragon mobile platforms.
CVE-2022-36593 An arbitrary file deletion vulnerability was found in KFK v4.0.0 in the fileName parameter of the controller/FileController.java file.
CVE-2022-39177 The BlueZ before 5.59 does not properly validate credentials, which can lead to a DoS attack.
CVE-2022-39170 libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
CVE-2021-25657 A privilege escalation vulnerability was found in Avaya IP Office Admin Lite and USB Creator. Local users may be able to escalate privileges.
CVE-2022-2639 An integer coercion error was found in the openvswitch kernel module
CVE-2020-35530 In LibRaw, there is an out-of-bounds write vulnerability in the 'new_node()' function in X3F files that can be triggered.
CVE-2022-3061 An I740 driver flaw allowed userspace to pass arbitrary values to the driver.
CVE-2022-36055 Helm is a tool for managing charts. The CNCF found that some functions in the _strvals_ package can cause an out of memory panic.
CVE-2022-38790 Weave GitOps Enterprise has a cross-site scripting bug that allows a malicious user to inject a javascript: link that will execute with the victim user's permission.
CVE-2022-36053 Contiki-NG is an open-source operating system for IoT devices. The low-power IPv6 buffer module processes IPv6 extension headers in incoming data packets.
CVE-2022-36054 Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices
CVE-2022-36449 An issue was discovered in the Arm Mali GPU Kernel Driver
CVE-2022-36130 HashiCorp Boundary didn't perform data integrity checks, allowing users with another scope to escalate privileges.
CVE-2022-37129 D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand
CVE-2022-36619 In D-link DIR-816 A2 v1.10CNB04, reset the network without authentication.
CVE-2022-2892 ScadaPro Server uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition.
CVE-2022-1841 In tcp_flags when ECN/CWR is set, the byte 0 will be written out of bounds.
CVE-2022-36046 Next.js is a React framework that can provide building blocks to create web applications
CVE-2022-1508 An out-of-bounds read vulnerability was found in the io_uring module in the Linux kernel.
CVE-2022-1247 Linux race condition in rose_connect() where rose driver uses rose_neigh->use to represent objects using the rose_neigh.
CVE-2022-2466 Quarkus 2.10.x doesn't terminate HTTP requests header context which may lead to unpredictable behavior.
CVE-2022-2132 A permissive list of allowed inputs flaw was found in DPDK
CVE-2022-30317 The Honeywell Experion LX Control Data Access (CDA) EpicMo protocol has an unauthenticated functionality issue.
CVE-2022-21941 iSTAR Ultra version 6.8.9.CU01 is vulnerable to a command injection that allows an unauthenticated user to gain root access.
CVE-2022-2220 Ocata doesn't verify subdomain ownership, which allows route takeover. Once a custom route is created, the user must update the DNS provider by creating a canonical name.
CVE-2020-35537 An input file could cause g++ to crash with certain optimization flags.
CVE-2020-35538 An input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
CVE-2020-35536 An internal compiler error in match_reload() at lra-constraints.c may cause a crash.
CVE-2022-36035 Flux keeps Kubernetes clusters updated with configuration sources and automates updates when there's new code to deploy.
CVE-2022-36045 NodeBB Forum Software is powered by Node.js and supports Redis, MongoDB, or PostgreSQL. It uses web sockets for instant interactions and notifications.
CVE-2022-27911 An issue was discovered in Joomla! 4.2.0
CVE-2022-39046 An issue was discovered in the GNU C Library (glibc) 2.36
CVE-2022-39047 Freeciv before 2.6.7 and 3.0.3 is vulnerable to a buffer overflow when the Modpack Installer handles the modpack URL.
CVE-2022-37173 An issue in gVim 9's installer allows attackers to execute arbitrary code.
CVE-2022-36561 XPDF v4.0.4 had a segmentation violation in its AcroForm component.
CVE-2022-3037 Use After Free in GitHub repository vim/vim prior to 9.0.0322.
CVE-2022-37176 Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below has a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode.
CVE-2022-37149 WAVLINK WL-WN575A3 RPT75A3.V4300.201217 has a command injection vulnerability when operating the file adm.cgi.
CVE-2022-38118 OAKlouds Portal website’s Meeting Room has insufficient validation for user input
CVE-2022-38116 Le-yan has a hard-coded database account and password in its Personnel and Salary Management System.
CVE-2022-39028 In Inetutils, krb5-appl, and derived works, there is a NULL pointer dereference due to 0xff 0xf7 or 0xff 0xf8.
CVE-2022-25887 The package sanitize-html before 2.7.1 is vulnerable to ReDoS due to insecure global regular expression replacement logic for comment removal.
CVE-2022-24106 Xpdf prior to 4.04 had a DCT (JPEG) decoder bug that allowed the 'interleaved' flag to be changed after the first scan of the image, which led to a vulnerability in Stream.cc.
CVE-2022-36558 Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account
CVE-2022-36557 The Seiko SkyBridge MB-A100/A110 v4.2.0 and below was found to have an arbitrary file upload vulnerability.
CVE-2022-36554 The Hytec Inter CLI command injection vulnerability allows attackers to execute commands as root.
CVE-2022-38625 Patlite NH-FB v1.46 and earlier was found to have insufficient firmware validation during the upgrade process.
CVE-2022-36556 The Seiko SkyBridge MB-A100/A110 v4.2.0 and below had a command injection vulnerability via the ipAddress parameter.
CVE-2022-37680 An access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to remotely reboot the device.
CVE-2022-36037 Kirby is a CMS that helps you build your ideal interface.
CVE-2022-0284 A heap-based buffer-over-read was found in ImageMagick's GetPixelAlpha() function.
CVE-2022-0367 A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c
CVE-2022-0644 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-0850 An information leak occurs in the Linux kernel due to an ext4_extent_header vulnerability.
CVE-2022-0358 FOUND AN SECURE VIRTIOFS DEDICATED FILE SYSTEM FLAW. THIS IS STrictLY RELATED TO CVE-2018-13405
CVE-2022-0400 An out-of-bounds read was found in the smc protocol stack, causing remote DOS.
CVE-2022-1204 An use-after-free flaw was found in the Amateur Radio AX.25 protocol functionality in the Linux kernel.
CVE-2022-1117 fapolicyd has a vulnerability due to an assumption about how glibc names the runtime linker.
CVE-2022-1184 An use-after-free flaw was found in the filesystem of the Linux kernel.
CVE-2022-0480 A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel
CVE-2022-3019 The forgot password token makes us capable of taking over the account of whoever commented in an app.
CVE-2021-41785 Foxit PDF Reader and Editor before 11.1 and PhantomPDF 10.1.6 allow attackers to trigger a use after free and execute arbitrary code.
CVE-2021-41784 Foxit PDF Reader and Editor before 11.1 and PhantomPDF 10.1.6 allow attackers to trigger a use after free and execute arbitrary code.
CVE-2021-41781 Foxit PDF Reader and Editor before 11.1 and PhantomPDF 10.1.6 allow attackers to trigger a use after free and execute arbitrary code.
CVE-2022-36610 Totolink A720R V4.1.5cu.532_B20210610 had a root password stored in /etc/shadow.sample.
CVE-2022-36611 A hardcoded password was found in the A800R V4.1.2 firmware.
CVE-2022-36613 Totolink N600R v4.3.0cu7647 contains a hardcoded password for root at /etc/shadow.sample.
CVE-2022-36612 Totolink A950RG v4.1.2cu.5204 contains a hardcoded password for root at /etc/shadow.sample.
CVE-2022-38564 Tenda M3 V1.0.0.12 had a buffer overflow vulnerability in the function formSetPicListItem.
CVE-2022-38562 Tenda M3 V1.0.0.12 had a heap buffer overflow vulnerability in the formSetFixTools function.
CVE-2022-38556 The v1.03B01 of Trendnet TEW733GR contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.
CVE-2022-3016 Use After Free in GitHub repository vim/vim prior to 9.0.0286.
CVE-2022-38792 The exotel package in PyPI has a backdoor.
CVE-2022-2787 Schroot had a bug in 1.6.13 that allowed a DoS if a user started a schroot session.
CVE-2022-3015 An issue has been found in oretnom23 Fast Food Ordering System. Manipulation of the argument date leads to cross site scripting.
CVE-2019-15167 The VRRP parser in tcpdump before 4.9.3 has a buffer over-read, a different vulnerability than CVE-2018-14463.
CVE-2022-36542 An access control issue exists in the /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 that allows attackers to edit, read, and delete Administrator data.
CVE-2022-2915 An Heap Buffer Overflow vulnerability in the SonicWall SMA100 appliance can lead to Denial of Service or code execution.
CVE-2022-0171 A flaw was found in the Linux kernel
CVE-2022-0207 A race condition was found in vdsm
CVE-2022-0175 VIRGLINED doesn't properly initialize memory when allocating a host-backed memory resource.
CVE-2022-0217 Prosody library does not properly restrict XML features in parsed data.
CVE-2022-0216 LSI53C895A SCSI Host Bus Adapter emulation has a use-after-free vulnerability that occurs when processing repeated messages to cancel the current SCSI request.
CVE-2022-0084 XNIO had a bug where the notifyReadClosed method logged to the wrong end.
CVE-2022-36121 An issue was discovered in Blue Prism Enterprise 6.0 through 7.01
CVE-2022-31499 An attacker can inject OS commands into E3-Series devices before 0.32-08f.
CVE-2022-31798 N-Series 0.32-07p Linear eMerge devices are vulnerable to XSS with session fixation when they are chained together.
CVE-2022-31269 With the E3-Series, Nortek can place admin credentials in a file to open doors.
CVE-2022-36715 The Library Management System v1.0 had a SQL injection vulnerability via the name parameter.
CVE-2022-2982 Use After Free in GitHub repository vim/vim prior to 9.0.0260.
CVE-2021-20224 An integer overflow was found in ImageMagick's 'ExportIndexQuantum' function. This could lead to values outside the range of 'unsigned char'.
CVE-2021-3979 A key length flaw was found in Red Hat Ceph Storage
CVE-2022-20824 The Cisco Discovery Protocol vulnerability in FXOS and NXOS could allow an unauthenticated, adjacent attacker to execute code with root privileges or cause a DoS.
CVE-2022-20921 An attacker could exploit vulnerabilities in the API implementation of Cisco ACI MSO to elevate privileges.
CVE-2018-5494 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2021-20258 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2021-20287 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2021-20301 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-37079 A6115 V9.1.0u.6115_B20201022 had a command injection vulnerability in the setOpModeCfg function.
CVE-2022-37097 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPInfoById.
CVE-2022-37082 A7000R V9.1.0u.6115 contains a command injection vulnerability at the function NTPSyncWithHost.
CVE-2022-37083 An A7000R V9.1.0u.6115_B20201022 command injection vulnerability was found in the ip parameter of the setDiagnosisCfg function.
CVE-2022-34960 The container package in MikroTik RouterOS 7.4beta4 allows attackers to create mount points that point to host device locations.
CVE-2018-14520 An issue was discovered in Kirby 2.5.12
CVE-2020-35520 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2021-4122 A LUKS header can trick cryptsetup into disabling encryption during recovery.
CVE-2021-4189 Python's FTP client has a PASV bug that allows the host to spoof responses.
CVE-2021-3999 An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption.
CVE-2021-4028 An attacker with local access to an RDMA communications manager listener could create a socket to listen on a high port, which could lead to a list element being freed.
CVE-2021-4155 XFS data leak flaw allowed for size increase of files with unaligned size.
CVE-2021-4037 Local users can create files with group ownership and SGID permission bits for the XFS file system.
CVE-2021-4125 The fix for log4j CVE-2021-44228 and CVE-2021-45046 was incomplete, as some JndiLookup.class files were not removed.
CVE-2022-37153 An issue was discovered in Artica Proxy 4.30.000000
CVE-2022-36945 The RKE receiving unit on some Mazda vehicles allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals, aka a RollBack.
CVE-2022-24375 The package node-opcua before 2.74.0 are vulnerable to Denial of Service when bypassing the limitations for excessive memory consumption.
CVE-2022-38132 Injection vulnerability in Linksys MR8300 router allows attackers to execute arbitrary OS commands.
CVE-2021-3917 The coreos-installer writes the Ignition config with world-readable access permissions, which allows a local attacker to have read access to sensitive data.
CVE-2021-3995 An error in libmount allows an unprivileged user to unmount a FUSE filesystem.
CVE-2021-3996 An error in libmount allows an unprivileged user to unmount a FUSE filesystem.
CVE-2020-35516 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-35511 A buffer overflow was found in pngcheck v2.4.0, which was patched.
CVE-2021-3997 A flaw was found in systemd
CVE-2022-38172 ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard.
CVE-2022-37428 PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1 has improper cleanup when protobuf logging is enabled, which lead to a denial of service.
CVE-2020-35509 An expired certificate was accepted by keycloak due to missing time stamp validation.
CVE-2021-3759 A memory overflow vulnerability was found in the ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times.
CVE-2021-3800 A flaw was found in glib before version 2.63.6
CVE-2021-3827 The default ECP binding flow can be bypassed, allowing other authentication flows.
CVE-2022-2965 An improper restriction of rendered UI layers or frames in a GitHub repository before 0.7.
CVE-2021-20298 An attack in OpenEXR's B44Compressor can exhaust all memory accessible to the application.
CVE-2022-35278 Before 2.24.0, Artemis could be manipulated with HTML in the name of an address or queue.
CVE-2022-35203 An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information.
CVE-2022-2829 XSS stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2020-35992 Fiserv Prologue through 2020-12-16 does not properly protect the database password
CVE-2021-28861 Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure
CVE-2022-35191 D-Link's DSL-3782 v1.01 firmware allows unauthenticated attackers to cause a DoS.
CVE-2022-2923 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
CVE-2022-28710 The chunkFile function of WWBN AVideo 11.6 and dev master commit 3f7c0364 can be used to read arbitrary files.
CVE-2022-38171 An integer overflow in the JBIG2 decoder of version 4.04 of the PDF parser in Xpdf could lead to a crash or the execution of arbitrary code.
CVE-2022-32761 An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBn AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read
CVE-2022-32572 An injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution.
CVE-2022-32769 Multiple authentication bypass vulnerabilities in WWBN AVideo 11.6 and dev master commit 3f7c0364
CVE-2022-26842 An XSS vulnerability exists in WWBN AVideo 11.6's charts tab selection functionality. An attacker can exploit this vulnerability to execute arbitrary Javascript.
CVE-2022-26061 A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution.
CVE-2022-28712 An XSS vulnerability exists in the videoAddNew function of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution.
CVE-2022-30605 Session id vulnerability allows for privilege escalation.
CVE-2020-36261 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36266 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36265 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36258 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36257 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36270 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36259 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36272 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-27834 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36269 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36271 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36262 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36260 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36268 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2020-36264 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2021-3521 There is a problem with RPM's signature functionality. It does not check subkeys' binding signatures before importing them.
CVE-2022-2927 Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.
CVE-2022-2885 XSS stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-30036 The grandMA2 Light has a root password of 'root' for the vendor's isolated network.
CVE-2022-2921 Exposure of private personal information in GitHub repository prior to v0.7. This results in privilege escalation to a system administrator account.
CVE-2022-2568 A privilege escalation flaw was found in the Ansible Automation Platform
CVE-2022-1069 An HTTP packet with a large content-length can create a denial-of-service condition in Softing Secure Integration Server V1.22.
CVE-2022-23765 conPh subject
CVE-2022-38392 An OEM 5400 RPM hard drive, as shipped in 2005, can be crashed with a resonant-frequency attack.
CVE-2022-37393 The zimbra user can run zmslapd as root with arbitrary parameters.
CVE-2022-2613 In earlier Chrome OS versions, an attacker who convinces a user to perform specific actions can exploit heap corruption to get access to local file.
CVE-2022-37042 ZCS has mboximport to extract files from a ZIP archive.
CVE-2022-28755 cat
CVE-2022-2458 XML external entity injection lets attackers interfere with an application's processing of XML data.
CVE-2022-30580 Injects code in Cmd.Start and Go 1.17.11 and 1.18.3 by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput with unset Cmd.Path.
CVE-2022-2756 Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.
CVE-2022-0028 A policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP Denial-of-Service attacks.
CVE-2022-20827 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a DoS.
CVE-2022-20842 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a DoS.
CVE-2022-20792 Regex module used by ClamAV versions 0.104.0 through 0.104.2 and LTS 0.103.5 could be vulnerable to crash.
CVE-2022-37452 Exim before 4.95 has a buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
CVE-2022-37451 Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
CVE-2022-2692 A vulnerability was found in SourceCodester Wedding Hall Booking System. The component Staff User Profile is affected.
CVE-2022-2690 A problem with the function of the file /whbs/?page=my_bookings of the component Booking Form.
CVE-2022-1158 KVM has a bug where when updating a guest's page table entry, vm_pgoff is used instead of the page's pfn.
CVE-2022-1973 An use-after-free flaw was found in the Linux kernel's log replay in ntfs3's fslog.c.
CVE-2022-1012 Memory leak problem in TCP source port generation algorithm due to small table perturb size.
CVE-2022-31656 VMware Workspace, Access, Identity and vRealize have authentication bypass issues. This could be a huge issue for local users.
CVE-2022-21186 The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.
CVE-2022-2647 An insecure file in the jeecg-boot API was found to be critical. The upload can be done remotely.
CVE-2022-35924 The `next-auth` authentication solution for Next.js applications is affected by the `EmailProvider` in versions before `4.10.3` or `3.29.10`.
CVE-2022-35922 Rust WebSocket library before 0.26.5 has an issue where untrusted websocket connections can cause an OOM process abort. The issue is with dataframe parsing.
CVE-2022-31195 ran MonionalilityOnaker
CVE-2022-31179 Shescape is a simple JS escape package that was found to be vulnerable to code injection.
CVE-2022-31186 NextAuth.js is a complete open source authentication solution for Next.js applications
CVE-2022-27255 The SIP ALG function in Realtek eCos 1.5.7p1 and MSDK 4.9.4p1 has a stack-based buffer overflow.
CVE-2022-30616 Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs.
CVE-2022-29360 The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.
CVE-2022-2294 Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to exploit heap corruption.
CVE-2022-24406 The SAX App Suite through 7.10.6 has a predictable SSRF issue that can be exploited through Documentconverter API calls.
CVE-2022-1486 V8 in Google Chrome prior to 101.0.4951.41 could read memory of other processes due to confusion between objects.
CVE-2022-1671 A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel.
CVE-2022-2225 Using subcommands like disable-wifi allowed users with admin privileges to bypass ZT policies.
CVE-2022-36450 Obsidian before 0.15.5 allows remote code execution via the window.open hook.
CVE-2022-36446 software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVE-2022-1128 An attacker on the local network segment could leak cross-origin data in Google Chrome on Windows prior to 100.0.4896.60.
CVE-2022-1125 After free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption by user interaction.
CVE-2022-34112 The access control issue in Dataease v1.11.1 lets attackers uninstall the plugin.
CVE-2021-36200 An unauthenticated user could access the Metasys ADS/ADX/OAS 10 web API and enumerate users.
CVE-2022-30628 The API for getting a token was accessible without authentication.
CVE-2022-2107 The MiCODUS MV720 GPS tracker API has a master password authentication mechanism.
CVE-2022-1766 Anchore Enterprise has a flaw in its anchoring tool that improperly stores credentials.
CVE-2022-22215 The file descriptor or handle released by a Juniper Networks Junos PAM after an effective lifetime can be abused by a local attacker with low privileges to cause a Denial of Service.
CVE-2022-21439 Vulnerability in Oracle System's Solaris kernel. Affected versions are 10 and 11.
CVE-2022-26479 An issue was discovered in Poly EagleEye Director II before 2.2.2.1
CVE-2022-25858 The package terser before 4.8.1, 5.0.0 and 5.14.2 are vulnerable to ReDoS due to insecure usage of regular expressions.
CVE-2022-30634 An attacker can hang an application by sending a buffer larger than 1 32 - 1 bytes on Windows.
CVE-2021-34986 Local attackers can escalate privileges on affected installations of Parallels Desktop 16.5.0.
CVE-2022-2401 Unrestricted information disclosure in Mattermost 6.7.0 and earlier allows team members to access sensitive information via the APIs.
CVE-2022-2406 The legacy Slack import feature in Mattermost 6.7.0 and earlier allows authenticated attackers to crash the server by importing large files.
CVE-2022-30216 Windows Server Service Tampering Vulnerability.
CVE-2022-31102 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes
CVE-2022-31105 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes
CVE-2022-28771 API version 10.0 has an authentication check that can be bypassed by an unauthenticated attacker.
CVE-2022-31078 KubeEdge is an open source system for extending application orchestration capabilities to hosts at the Edge.
CVE-2022-31080 KubeEdge is an open source system for extending application orchestration capabilities to hosts at the Edge.
CVE-2022-31139 UA is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. The internal data of UA is protected by JVM and others can only access UA via UA's standard API.
CVE-2022-20812 The API and web-based interface of Cisco Expressway and VCS could be vulnerable to remote attackers overwriting arbitrary files or conducting null byte poisoning attacks.
CVE-2022-20813 The API and web-based interface of Cisco Expressway and VCS could be vulnerable to remote attackers overwriting arbitrary files or conducting null byte poisoning attacks.
CVE-2022-20791 Vulnerabilities in Cisco Unified CM, Unified CM SME, and UniFi IM & Presence Service databases allow attackers to gain access to sensitive information.
CVE-2022-32290 The client in Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control and listens on a random TCP port, facilitating calls to its API from other components on the device.
CVE-2022-2097 AES-OCB mode for 32-bit x86 platforms uses the AES-NI optimized implementation, which reveals 16 bytes of data that wasn't written to memory.
CVE-2022-34918 An issue was found in the Linux kernel through 5.18.9. A type confusion vulnerability could be used by a local attacker to escalate privileges. This is different than CVE-2022-32250.
CVE-2022-34903 GnuPG through 2.3.6 has a vulnerability where an attacker with secret key information from the victim's keyring can forge signatures in unusual situations.
CVE-2022-1983 Incorrect authorization in GitLab EE prior to 14.10.5, 15.0.4, and 15.1.1 allowed attackers with a valid Deploy Key or Token to use it from anywhere.
CVE-2022-33329 Command injection vulnerabilities exist in the web_server ajax endpoints of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution.
CVE-2022-2078 An attacker can exploit a buffer overflow in the nft_set_desc_concat_parse() function to cause a denial of service and possibly run code in the kernel.
CVE-2022-31884 Marval MSM has an Improper Access Control vulnerability which allows low privilege users to delete other users API Keys including Administrator ones.
CVE-2022-31098 Weave GitOps is a simple open source developer platform for cloud native applications.
CVE-2022-31081 HTTP::Daemon is a simple http server written in perl. Before version 6.15, v5 and earlier are vulnerable to a vulnerability which could be exploited to gain access to APIs or poison intermediate caches.
CVE-2022-31035 Argo CD v1.0.0 is vulnerable to a cross-site scripting bug allowing a malicious user to inject a `javascript:` link.
CVE-2022-20828 An attacker could exploit a vulnerability in the CLI parser of Cisco FirePOWER Software for ASA FirePOWER module to execute arbitrary commands on the underlying operating system.
CVE-2022-20829 Cisco ASDM images could have a vulnerability that allows an attacker with administrative privileges to access them.
CVE-2022-2104 The www-data account has sudo access with no password.
CVE-2022-22967 PAM auth fails to reject locked accounts, allowing a user whose account is locked to still run Salt commands.
CVE-2022-20651 The logging component of Cisco ASDM is vulnerable to an authenticated, local attacker who could view sensitive information in clear text.
CVE-2022-2068 The c_rehash script does not properly sanitise shell metacharacters, which can lead to command injection. This issue was identified by code review.
CVE-2022-31306 Nginx NJS v0.7.2 had a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.
CVE-2022-26669 ASUS Control Center is vulnerable to SQL injection
CVE-2022-2023 Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
CVE-2022-24562
CVE-2022-27512 Temporary disruption of the ADM license service
CVE-2022-27511 Corruption of the system by a remote, unauthenticated user
CVE-2022-31072 Octokit is a Ruby library for the GitHub API. Versions 4.23.0 and 4.24.0 contain world-writable files. The files' permissions are set to '-rw-rw-rw-'
CVE-2022-30149 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2022-30140 Windows iSCSI Discovery Service Remote Code Execution Vulnerability.
CVE-2022-30141 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2022-30139 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2022-30136 Windows Network File System Remote Code Execution Vulnerability.
CVE-2022-21180 Inappropriate input validation for some Intel processors could lead to a denial of service.
CVE-2022-24436 An attacker can potentially access information if they can throttle some Intel Processors.
CVE-2022-23823 An attacker may be able to potentially execute a timing attack to reveal information about AMD processors.
CVE-2022-21123 An attacker can potentially access information on the local machine if the CPU does not clean up its shared memory correctly.
CVE-2022-21125 An authentication issue was found on some Intel Processors that may allow local access info disclosure.
CVE-2022-20798 Vulnerability in external authentication functionality of Cisco SMA/ESA could allow unauthenticated remote attacker to log in.
CVE-2022-20664 An attack in the web interface of Cisco SMA and ESA could allow a remote attacker to retrieve sensitive information.
CVE-2022-32151 The httplib and urllib libraries in Splunk Enterprise versions before 9.0 didn't validate certificates with the CA certificate store.
CVE-2022-29241 Jupyter Server provides the backend for Jupyter web applications like Jupyter Notebook.
CVE-2022-31590 The SAP PowerDesigner Proxy 16.7 has a write/create program file bug that allows an attacker with low privileges and local access to write files on system disk root path. This could be exploited to elevate privileges.
CVE-2022-31289 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-33174 Distribution Units running Powertek firmware before 3.30.30 may have been vulnerable to remote authorization bypass.
CVE-2022-1654 Jupiter Theme and JupiterX Core Plugin have vulnerabilities that allow attackers to gain admin privileges.
CVE-2022-25845 The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data, which is possible under certain conditions.
CVE-2022-2042 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-26362 Xen maintains a type reference count for pages, which is used for safety.
CVE-2022-31214 A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68
CVE-2022-31030 The containerd's CRI implementation was found to be vulnerable to memory exhaustion due to programs inside a container.
CVE-2022-31027 CILogonOAuthenticator is an OAuth token library for the JupyerHub login handler. CILogon is provided by the OAuthenticator package.
CVE-2022-31313 api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.
CVE-2022-30877 The keep for Python included a backdoor inserted by a third party.
CVE-2022-30910 Magic H3C R100 R100V100R005 had a stack overflow vulnerability via the GO parameter.
CVE-2022-30552 Das U-Boot 2022.01 has a Buffer Overflow.
CVE-2022-1708 An attacker with access to the Kube API can exhaust memory or disk space on a node by running an ExecSync command in a container.
CVE-2022-31279 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-1966 Reject candidate with same ID as CVE-2022-32250.
CVE-2022-1680 An account takeover issue was found in GitLab EE starting from 11.10 and 14.10 before 15.0.1.
CVE-2022-1944 The feature is configured improperly in GitLab CE/EE versions 11.3, 14.10, and 15.0, which allows users with the Developer role to open the Interactive Web Terminal.
CVE-2022-31481 An attacker can send a malicious update file to overflow a buffer.
CVE-2022-32250 An attacker with user/net namespace access can escalate privileges to root due to an NFT_STATEFUL_EXPR bug.
CVE-2022-1652 The kernel could be compromised by a use-after-free flaw in the bad_flp_intr function.
CVE-2022-27774 Credentials could be leaked when HTTP(S) redirects are used with authentication.
CVE-2022-30277 Synapsys™ versions 4.20, 4.20 SR1, and 4.30 have an inadequate session expiration vulnerability.
CVE-2022-27782 libcurl reused connections even when a TLS or SSH related option was changed.
CVE-2022-1943 A memory write in the UDF file system was found which can be exploited by users.
CVE-2022-1797 An invalid Class 3 industrial protocol message with a cached connection can cause a denial-of-service in Rockwell Automation Logix Controllers. This is a major nonrecoverable fault.
CVE-2022-1789 With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva
CVE-2021-43512 FlightRadar24's v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android can be decompiled and has API keys that can be extracted. These vulnerabilities allow attackers to cause unspecified consequences.
CVE-2022-1419 The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object, and *vgem_gem_dumb_create will access the freed drm_vgem_gem_object.
CVE-2022-1786 An use-after-free flaw was found in the way users set up a ring with IORING_SETUP_IOPOLL in the Linux kernel.
CVE-2022-31000 The solidus_backend admin interface has a cross-site request forgery vulnerability. Versions 3.1.6, 3.0.6, and 2.11.16 are affected.
CVE-2022-1947 Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.
CVE-2022-1808 Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.
CVE-2022-1897 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-20806 Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway and VCS could allow an attacker to write files or disclose sensitive information.
CVE-2022-26712 The vulnerable code is removed in macOS Monterey 12.4 and Big Sur 11.6.6.
CVE-2022-26721 An memory initialization issue was fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4 and macOS Big Sur 11.6.6.
CVE-2022-29082
CVE-2022-20821 An attacker could exploit a vulnerability in the health check RPM of Cisco IOS XR Software to access Redis, a key-value store.
CVE-2022-1664 dpkg before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is vulnerable to a directory traversal attack.
CVE-2022-26082 The OAS Engine SecureTransferFiles functionality has a file write vulnerability. An attacker can exploit this vulnerability to execute remote code.
CVE-2022-31624 MariaDB Server before 10.7 is vulnerable to Denial of Service
CVE-2022-1678 An issue was found in the Linux Kernel from 4.18 to 4.19, which can lead to memory/netns leak and can be used by remote clients.
CVE-2022-29379 Nginx NJS v0.7.3 had a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c
CVE-2022-30595 TGA images have a buffer overflow in Pillow 9.1.0.
CVE-2022-29361 Pallets Werkzeug v2.1.0 and earlier allows attackers to perform HTTP Request Smuggling by manipulating HTTP requests.
CVE-2022-26532 Injecting arguments in the 'packet-trace' command of Zyxel USG/ZyWALL and USG FLEX/ATP versions 4.50 through 5.21 could allow remote attackers to gain control of the device.
CVE-2022-22972 VMware Workspace, Access, Identity and vRealize have authentication bypass issues. This could be a huge issue for local users.
CVE-2022-22365 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames.
CVE-2022-29170 Grafana is an open-source platform for monitoring and observability. In the Request security feature, the instance calls specific hosts.
CVE-2022-29165 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes
CVE-2022-21500 Oracle E-Business Suite is vulnerable to a man-in-the-middle attack that can compromise the application if exploited.
CVE-2022-28948 The Unmarshal function in Go-Yaml v3 crashes when it encounters invalid input.
CVE-2022-1183 The named daemon may terminate with assertion failure on vulnerable configurations that include a http reference in listen-on statements.
CVE-2022-30600 A flaw in moodle's login counter could lead to account lockout.
CVE-2022-22787 The Zoom Client for Meetings fails to validate the hostname before a server switch request.
CVE-2022-22785 The Zoom Client for Meetings 5.10.0 failed to properly constrain client session cookies to Zoom domains.
CVE-2022-22786 The Zoom Client for Meetings and Zoom Rooms for Conference Room fail to check the installation version before updating.
CVE-2022-29162 runc is a CLI tool for spawning and running containers on Linux according to the OCI specification
CVE-2022-22475 IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing.
CVE-2022-30945 Groovy plugins can load Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
CVE-2022-1586 An out-of-bounds read vulnerability was found in the PCRE2 library. This involves a unicode property matching issue in JIT-compiled regular expressions.
CVE-2022-1587 An out-of-bounds read vulnerability was found in the PCRE2 library's get_recurse_data_length() function.
CVE-2022-23657 a ARUBA ClearPass Policy Manager remote authentication vulnerability was discovered
CVE-2022-0573 An old version of Artifactory is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution.
CVE-2022-30779 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-30767 Das U-Boot through 2022.04 has an unbounded memcpy with a failed length check, leading to a buffer overflow.
CVE-2022-22282 An attacker can access a resource using HTTP connections from an unauthorized actor, which leads to the Incapacita Access Control vulnerability.
CVE-2022-1702 The SMA1000 and earlier versions have an external link redirect vulnerability that accepts a user controlled input.
CVE-2022-1701 Firmware 12.4.0, 12.4.1-02965 uses a hard-coded encryption key to store data.
CVE-2022-29854 V 1.8.0.12 is vulnerable to a root access vulnerability due to insufficient access control for test functional.
CVE-2022-22970 In old unsupported versions of spring framework, apps that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CVE-2022-28818 ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected XSS vulnerability.
CVE-2022-0004 The debug modes and INIT setting for Intel processors can be abused to escalate privilege.
CVE-2022-21151 Processor optimization may allow local access to sensitive information.
CVE-2022-29885 The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 was incorrect about Tomcat clustering over an untrusted network.
CVE-2022-24102 Acrobat DC versions 20.001.20085, 20.005.3031x, and 17.012.30205 are vulnerable to a use after free vulnerability, which could result in arbitrary code execution in the context of the user.
CVE-2022-0024 An authenticated network-based PAN-OS administrator can upload a configuration that disrupts system processes and potentially execute arbitrary code with root privileges.
CVE-2022-23743 Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process.
CVE-2022-1622 The libTIFF master branch has an out-of-bounds read in LZWDecode that can cause a denial-of-service.
CVE-2022-29131 Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29130 Windows LDAP Remote Code Execution Vulnerability
CVE-2022-22012 Windows LDAP Remote Code Execution Vulnerability
CVE-2022-26927 Windows Graphics Component Remote Code Execution Vulnerability.
CVE-2022-26932 Storage Spaces Direct Elevation of Privilege Vulnerability
CVE-2022-22011 Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-29139 Windows LDAP Remote Code Execution Vulnerability
CVE-2022-30278 Black Duck Hub's MadCap Flare documentation files could be vulnerable to an XSS attack.
CVE-2022-20008 There is a way to read kernel heap memory due to uninitialized data in mMC_BLK_READ_SINGLE of block.c.
CVE-2022-23676 An arbitrary code execution vulnerability was found in ArubaOS-Switch Devices versions 15.xx, 16.01, 16.02 and earlier.
CVE-2022-23677 An arbitrary code execution vulnerability was found in ArubaOS-Switch Devices versions 15.xx, 16.01, 16.02 and earlier.
CVE-2022-1629 Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925
CVE-2022-1621 Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919
CVE-2022-28739 There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2.
CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895
CVE-2022-26889 In versions before 8.1.2, the path to load a relative resource is vulnerable to path traversal.
CVE-2022-28005 The 3CX Phone System Management Console is vulnerable to an unauthenticated attacker who can access arbitrary files on the server. This could lead to credential disclosure.
CVE-2022-30295 uClibc-ng and uClibc use transaction IDs for DNS that may be vulnerable to cache poisoning.
CVE-2022-30294 Reject candidate with same ConsultID as CVE-2022-30293.
CVE-2022-24903 Rsyslog is a fast system for processing logs. TCP modules have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or other malfunction.
CVE-2022-25946 An authenticated attacker with Administrator access can exploit the ASM, ASM, and Guided Configuration versions before 9.0 to gain Administrator access.
CVE-2022-27588 We fixed this vulnerability in QVR 5.1.6 build 20220401 and later.
CVE-2022-1468 iControl REST users with guest privileges can delay iControl REST requests on all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x F5 BIG-IP.
CVE-2022-28714 On versions 16.1.2.2, 15.1.5.1, 14.1.4.6, 13.1.5, and all earlier versions of 12.1.x and 11.6.x, F5 BIG-IP APM could allow remote attackers to potentially gain access to sensitive information.
CVE-2022-28705 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, if ePVA and pva.fwdaccel BigDB are enabled, undisclosed requests to a vir END>
CVE-2022-1516 A NULL pointer dereference flaw was found in the X.25 set of network protocols in the way a user terminates their session and uses continued usage.
CVE-2022-1343 The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response
CVE-2022-1473 The OPENSSL_LH_flush() function has a memory leak that breaks certificate and key reuse.
CVE-2022-1292 The c_rehash script can be exploited to inject commands. It is distributed by some operating systems.
CVE-2022-20759 The web services interface of Cisco ASA and FTD VPN is vulnerable to an authenticated, but unprivileged, remote attacker.
CVE-2022-20746 The TCP proxy vulnerability in Cisco Firepower Threat Defense could allow an unauthenticated, remote attacker to cause a DoS.
CVE-2022-20767 An attack on the rule evaluation function of Cisco Firepower could lead to a DoS condition.
CVE-2022-20715 Vulnerability in Cisco ASA/FTD remote access SSL VPN features could lead to DoS.
CVE-2022-1475 An integer overflow was found in FFmpeg versions before 4.4.2 and 5.0.1 in g729_parse() when processing a specially crafted file.
CVE-2022-29849 An SUID binary in OpenEdge 11.7.14 and 12.x before 12.2.9 could be compromised.
CVE-2022-25645 Package dset is vulnerable to Prototype Pollution via 'dset/merge' mode, as dset checks for the top-level path containing __proto__, constructor or protorype.
CVE-2022-25844 In 1.7.0, the ' ' parameter of the posPre: 'repeat() of NUMBER_FORMATS.PATTERNS[1].posPre can be set with a very high volume.
CVE-2022-1015 An issue was found in the Linux kernel's netfilter API.
CVE-2022-1353 A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel
CVE-2022-22782 The Zoom Client for Meetings, Zoom Rooms for Conference Room, Zoom Plugins for Microsoft Outlook, and Zoom VDI Windows Meeting Clients all had an older version that was vulnerable to remote code execution.
CVE-2022-29499 The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 has an error that allows remote code execution.
CVE-2022-28506 There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.
CVE-2022-1108 SMI handler could be vulnerable to buffer validation, which is a potential vulnerability, due to local access and elevated privileges.
CVE-2022-29582 The Linux kernel before 5.17.3 has a use-after-free in io_uring timeouts due to a race condition.
CVE-2022-27406 FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 has a segmentation violation.
CVE-2022-26674 The RT-AX88U has a Format String vulnerability. An attacker can write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.
CVE-2022-22558 Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability
CVE-2022-20783 The vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS could allow an attacker to cause a Denial of Service.
CVE-2022-20795 The Datagram TLS vulnerability in ASA and FTD software could allow an unauthenticated, remote attacker to cause high CPU utilization.
CVE-2022-20773 An attacker could impersonate a Cisco VA with a static SSH host key.
CVE-2022-0272 An external entity reference was improperly restricted in a GitHub repository before 1.20.0.
CVE-2022-1420 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
CVE-2022-24272 An authenticated user can crash or deny service to the $external database if the validation of the command is incorrect. This affects MongoDB Inc.
CVE-2022-28327 P-256 in Go before 1.17.9 and 1.18.x allows a panic with long scalar input.
CVE-2022-24675 PEM encoding in Go before 1.17.9 and 1.18.x could have a Decode stack overflow.
CVE-2022-29527 AWS SSM Agent before 3.1.1208 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root.
CVE-2022-27536 Certificates can be malformed on macOS, causing Certificate.Verify to panic.
CVE-2022-0071 Hotdog did not replicate the JVM process resource limits, device restrictions, or syscall filters.
CVE-2022-21460 My MySQL Server is vulnerable to log-in points in older versions.
CVE-2022-21483 My Oracle Cluster is affected by vulnerabilities in versions 7.4.35, 7.5.25, 7.6.21, and 8.0.28.
CVE-2022-29457 NTLM Hash disclosure issue in Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131.
CVE-2022-24497 Windows Network File System Remote Code Execution Vulnerability
CVE-2022-24491 Windows Network File System Remote Code Execution Vulnerability
CVE-2022-26824 Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-26809 Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2022-24538 Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability
CVE-2022-24536 Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-26817 Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-26826 Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-26920 Windows Graphics Component Information Disclosure Vulnerability.
CVE-2022-20695 The authentication functionality of Cisco WLC Software can be bypassed by an unauthenticated, remote attacker who logs in to the device through the management interface.
CVE-2022-20697 The web services interface of Cisco IOS and IOS XE could be used to cause a DoS condition.
CVE-2022-20693 Injection vulnerability in the web UI of Cisco IOS XE Software could be exploited by an attacker with unauthorized access.
CVE-2022-20676 An attacker with local privilege escalation privilege on Cisco IOS XE could escalate to root privileges.
CVE-2022-20681 An attacker can elevate privileges on an affected device to level 15 by authenticating locally.
CVE-2022-20739 An attacker can execute commands as root with a vulnerability in Cisco SD-WAN vManage CLI.
CVE-2022-20716 An attacker with local privilege escalation in Cisco SD-WAN Software due to improper access control of files.
CVE-2022-27188 Command injection vulnerability exists to access the affected computer.
CVE-2022-1304 An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
CVE-2022-22966 An authenticated, high-privileged malicious actor with network access to a VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.
CVE-2022-22185 An attacker can exploit a vulnerability in Juniper Networks Junos OS on SRX Series to cause a DoS by sending a specific fragmented packet and crashing flowd process.
CVE-2022-22197 Operation on a resource after expiration or release vulnerability in Routing Protocol Daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service.
CVE-2022-22188 An Uncontrolled Memory Allocation vulnerability in the Juniper Networks Junos OS packet forwarding engine can lead to a Denial of Service.
CVE-2022-22193 An attacker with low privileges can cause a Denial of Service in the Routing Protocol Daemon of Juniper Networks Junos OS and Junos OS Evolved.
CVE-2022-27479 Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests
CVE-2022-22960 VMware Workspace ONE, Identity Manager, and vRealize Automation have a privilege escalation vulnerability due to improper permissions in support scripts.
CVE-2022-1280 An 'use-after-free' vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel.
CVE-2022-27506 Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI
CVE-2022-29156 In the Linux kernel before 5.16.12, a double free related to rtrs_clt_dev_release occurs.
CVE-2022-22279 An arbitrary file read vulnerability in SRA products and older SMA 100 series products.
CVE-2022-0436 Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
CVE-2022-1161 An attacker with the ability to modify a user program may change code on Control, CompactLogix, and GuardLogix Control systems.
CVE-2022-28796 In kernel 4.14, jbd2_journal_wait_updates calls transaction_t's ftruncate() which might lead to a use-after-free.
CVE-2022-23971 ASUS RT-AX56U has a path traversal vulnerability in its update_PLC/PORT file due to improper filtering of URL parameters.
CVE-2022-20754 The API and web-based management interfaces of Cisco Expressway and VCS could be vulnerable to write privileges if an attacker has read/write privileges.
CVE-2022-20755 The API and web-based management interfaces of Cisco Expressway and VCS could be vulnerable to write privileges if an attacker has read/write privileges.
CVE-2022-20782 An attacker could exploit a vulnerability in Cisco ISE to obtain sensitive information.
CVE-2022-20756 An attacker could exploit this vulnerability to stop the affected system from processing RADIUS packets.
CVE-2022-24978 ManageEngine ADAudit Plus allows authenticated privilege escalation on Integrated products.
CVE-2022-26357 Domain IDs in Xen are up to 15 bits wide. VT-d hardware may only hold less than 15 bits of domain ID.
CVE-2022-0808 An attacker who convinces a user to perform tasks could exploit heap corruption to gain privileges.
CVE-2022-1175 In earlier versions, user input could be improperly sanitized. This could lead to XSS if the user input contains HTML.
CVE-2022-28389 in the Linux kernel through 5.17.1, a double free issue.
CVE-2022-28356 In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2022-22963 In versions 3.1.6, 3.2.2 and older, using routing functionality may lead to remote code execution and access to local files.
CVE-2022-22950 SpEL expressions in older versions of Spring Framework 5.3.0 - 5.3.16 can be used to cause a denial of service.
CVE-2022-22986 An attacker on the network can run OS commands on the OG410X/OG810X with older firmware versions.
CVE-2022-1160 heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
CVE-2022-23793 An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0
CVE-2022-0998 An integer overflow flaw was found in the virtio device driver code when a user triggers the vhost_vdpa_config_validate function.
CVE-2022-27907 Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
CVE-2022-1154 Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVE-2022-24693 Baicells Nova436Q and Neutrino430 devices have hardcoded credentials that can be used by remote attackers to authenticate via ssh.
CVE-2022-26871 An arbitrary file upload vulnerability in Trend Micro Apex Central could lead to remote code execution.
CVE-2022-22948 The vCenter Server has an information disclosure vulnerability due to improper permission of files.
CVE-2022-0738 An issue was found in GitLab before versions 14.6, 14.7, 14.8.
CVE-2022-0342 CGI program of Zyxel USG/ZyWALL series versions 4.20 through 4.70, USG FLEX versions 4.50 through 5.20, ATP 4.32 through 5.20 can be bypassed.
CVE-2022-27950 An error in the Linux kernel's hid subsystem causes a memory leak when a certain event happens.
CVE-2022-24303 Pillow before version 9.0.1 allows attackers to delete files if spaces are mishandled.
CVE-2022-27947 An attacker can execute commands on R8500 devices with the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter set to shell metacharacters.
CVE-2022-27945 The R8500 routers allow remote attackers to execute arbitrary commands via shell metacharacters in the password.cgi parameters.
CVE-2022-27943 Demangle_const can consume stack in GCC 11.2.
CVE-2022-22274 Stack-based buffer overflow in the firewall of SonicOS via HTTP request can cause Denial of Service or code execution.
CVE-2022-0494 A kernel information leak was found in scsi_ioctl.
CVE-2022-0500 An out-of-bounds memory write was found in BPF subsystem when a user loads BTF.
CVE-2022-0322 An error was found in the SCTP network protocol of the Linux kernel, which is a user privilege access issue.
CVE-2022-1040 An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall v18.5 and older.
CVE-2022-24291 Print devices may be vulnerable to information disclosure, denial of service, or remote code execution.
CVE-2022-22951 An OS command injection vulnerability is present in VMware Carbon Black App Control prior to 8.5.14, 8.6.6, 8.7.4 and 8.8.2.
CVE-2022-0635 BIND 9.18.0 is vulnerable to a denial of service attack when it receives specific queries.
CVE-2022-0396 BIND 9.16.11 -> 9.18.0 and version 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.
CVE-2022-27666 An IPsec ESP overflow vulnerability was found in transformation code.
CVE-2022-0667 When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
CVE-2022-0652 Confd log files contain local users' hashes with insecure access permissions.
CVE-2022-0386 An SQL injection vulnerability in the Mail Manager of Sophos UTM v9.710 allows an attacker to execute code.
CVE-2022-26184 Poetry v1.1.9 and earlier had an untrusted search path which can lead to unexpected behavior when users run commands in a directory with malicious content.
CVE-2022-0415 Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6
CVE-2022-27226 An issue was found in iRZ Mobile routers' /api/crontab that allows a threat actor to create a crontab entry.
CVE-2022-25578 taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file
CVE-2022-27250 The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, record video of the device's physical environment, or modify data.
CVE-2022-22623 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-22586 An out-of-bounds write issue was fixed in macOS Monterey 12.2.
CVE-2022-0547 OpenVPN may allow authentication bypass if more than one external authentication plugin uses deferred replies, which allows access to the user with only partially confirmed data.
CVE-2022-22651 Out-of-bounds write issue fixed in macOS Monterey 12.3.
CVE-2022-24771 Node-forge is a native implementation of Transport Layer Security with RSA PKCS#1 v1.5 signature verification code that is lenient in checking the digest algorithm structure.
CVE-2022-0742 The icmp6 implementation in the Linux kernel can be used to exploit a memory leak and DoS a host.
CVE-2022-27191 The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b allows attackers to crash servers with AddHostKey.
CVE-2022-23812 The package node-ipc contains malicious code that targets users in Russia and Belarus and overwrites their files with a heart emoji.
CVE-2022-0811 A flaw was found in CRI-O in the way it set kernel options for a pod
CVE-2022-26351 Reject candidate with duplicate CVE-2022-26320. ConsultIDs: CVE-2022-26320.
CVE-2022-26320 Rambus SafeZone Basic Crypto Module before 10.4.0 generates RSA keys that are vulnerable to brute force attacks. An attacker may be able to decrypt older devices using this module.
CVE-2022-23960 Arm Cortex and Neoverse processors don't properly restrict cache speculation, aka Spectre-BHB. An attacker can use the shared branch history in the Branch History Buffer to influence mispredicted branches.
CVE-2022-26966 An issue was discovered in the Linux kernel before 5.16.12
CVE-2022-24415 Dell BIOS contains an improper input validation vulnerability
CVE-2022-24421 Dell BIOS contains an improper input validation vulnerability
CVE-2022-0907 Attackers can cause a denial-of-service by dereferencing an un-checked return value in tiffcrop in libtiff 4.3.0.
CVE-2022-0924 Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service.
CVE-2022-0860 Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
CVE-2022-0725 A flaw was found in KeePass that logs plain text passwords in system log and exposes information.
CVE-2022-0516 An attacker with a normal user privilege can obtain memory write access in KVM for s390.
CVE-2022-0865 tiffcp in libtiff 4.3.0 has a reachable assertion that can cause a denial of service.
CVE-2022-0433 A bug in the Linux BPF subsystem allows local users to crash the system by getting a NULL pointer dereference.
CVE-2022-0813 An attacker can retrieve sensitive information by creating invalid requests in phpMyAdmin 5.1.1 and earlier.
CVE-2022-0891 Heap buffer overflow in tiffcrop.c in libtiff library version 4.3.0 could lead to application crash.
CVE-2022-0847 The "flags" member of the new pipe buffer is uninitialized in copy_page_to_iter_pipe and push_pipe, which could contain stale values.
CVE-2022-0715 An UPS could be compromised when a key is leaked and used to upload malicious firmware.
CVE-2022-22805 An attack could occur when an improperly handled TLS packet is reassembled and executed.
CVE-2022-22806 An authentication bypass vulnerability could occur when a malformed connection is sent to the UPS.
CVE-2022-0022 The cryptographic algorithm used in PAN-OS software is weak, which allows password cracking attacks on administrator and local user accounts.
CVE-2022-21990 Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-23253 Point-to-Point Tunneling Protocol Denial of Service Vulnerability.
CVE-2022-23284 Windows Print Spooler Elevation of Privilege Vulnerability.
CVE-2022-23285 Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-24713 Regex is a crate with built-in mitigations to prevent DoS attacks caused by untrusted regexes or input matched by trusted regexes.
CVE-2022-26314 An vulnerability in the Mendix Forgot Password Appstore module has been identified. Incompetent passwords are generated.
CVE-2022-0845 Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
CVE-2022-24921 Regexp.Compile in Go before 1.16.15 and 1.17.x allows stack exhaustion if a deeply nested expression.
CVE-2022-26318 An unauthenticated user can execute arbitrary code on WatchGuard Firebox and XTM appliances.
CVE-2022-22946 Applications with HTTP2 enabled and no key store or trusted certificates are set to use an insecure TrustManager.
CVE-2022-0730 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
CVE-2022-22947 In earlier versions of the gateway, applications are vulnerable to code injection if the Gateway Actuator endpoint is enabled, exposed and unsecured.
CVE-2022-0265 Hazelcast in 5.1-BETA-1 released with improper restriction of XML Entity Reference in GitHub repository.
CVE-2022-23648 containerd is a container runtime available as a daemon for Linux and Windows
CVE-2022-0711 A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header
CVE-2022-23779 Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone
CVE-2022-25634 System library files can be loaded from an unintended working directory.
CVE-2022-0824 Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
Notag posts