CVE-2022-34671 An NVIDIA GPU Display Driver has a user mode vulnerability where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, denial of service, or escalated privileges.
CVE-2022-41767 An issue was found in MediaWiki before 1.35.8, 1.36.x, 1.37.x, and 1.38.x before 1.38.3.
CVE-2021-44856 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1
CVE-2021-38561 The index calculation of golang.org/x/text before 0.3.7 is mishandled, causing an out-of-bounds read in BCP 47 tag parsing.
CVE-2021-44855 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1
CVE-2022-37706 Enlightenment before 0.25.4 is setuid root and has a system library function that mishandles pathnames that begin with /dev.
CVE-2022-42898 MIT Kerberos 5 has an integer overflow that may lead to remote code execution on 32-bit platforms.
CVE-2022-45197 Slixmpp before 1.8.3 lacks SSL Certificate hostname validation, which allows an attacker to pose as any server.
CVE-2022-22743 An attacker-controlled tab could make the browser unable to leave fullscreen mode.
CVE-2022-29910 Firefox for Android would not properly record and persist HSTS settings if it's closed or sent to the background.
CVE-2022-31741 A crafted CMS message could have led to an invalid memory read, potentially memory corruption
CVE-2022-29912 Requests initiated through reader mode did not properly omit cookies with a SameSite attribute
CVE-2022-22738 An application could access out of bounds memory and cause a heap buffer overflow. This could be exploited to crash the application.
CVE-2022-36314 When opening a Windows shortcut, an attacker could supply a remote path that leads to unexpected network requests. This bug only affects Firefox for Windows.
CVE-2022-22745 Security policy violations could leak cross-origin information for frame-ancestors violations.
CVE-2022-34472 If a PAC URL is set and the server hosting the PAC is not reachable, OCSP requests will be blocked, resulting in incorrect error pages.
CVE-2022-29916 Firefox treats CSS variables differently when they are already known resources. This could be used to probe the browser history.
CVE-2022-2226 An OpenPGP digital signature includes the date when the signature was created. When displaying an email with a digital signature, the email's date will be shown.
CVE-2022-42930 If two Workers initialize CacheStorage, a data race could happen in ThirdPartyUtil
CVE-2022-22742 Text in edit mode might have lead to exploitable crash.
CVE-2022-29918 Mozillla developers reported memory safety bugs in Firefox 99.
CVE-2022-29915 The Performance API did not properly hide the fact whether a request has observed redirects. This issue is resolved.
CVE-2022-31739 The % character was not escaped when downloading on Windows, which could have lead to files being saved to attacker-influenced paths.
CVE-2022-22754 An extension could have auto-updated itself and bypassed the prompt which grants it requested permissions.
CVE-2022-31744 CSS injected via internal URIs could bypass a page's Content Security Policy.
CVE-2022-36317 An overly long URL can cause a Denial of Service. This only applies to Firefox for Android.
CVE-2022-22744 The "Copy as curl" feature in DevTools isn't properly escaped for PowerShell. This could lead to command injection in a powershell prompt. This bug affects only Thunderbird for Windows.
CVE-2022-29914 Reusing existing popups could have allowed for browser spoofing attacks.
CVE-2022-34468 An iframe with scripts that are disabled could run scripts if the user clicks a code>javascript:/code> link.
CVE-2022-40962 Firefox 104 and ESR 102.2 were reported for memory safety bugs.
CVE-2022-45404 An attacker can go fullscreen through popups and code>window.print()/code> calls. This can lead to user confusion or spoofing attacks.
CVE-2022-45412 A symlink can produce an error message with a memory buffer when it is resolved to a string.
CVE-2022-45420 An attacker could use tables inside iframes to spoof contents or confuse users.
CVE-2022-22763 When a worker is shutdown, it is possible to cause script to run late in the lifecycle.
CVE-2022-45418 If a custom mouse cursor is specified in CSS, it could be drawn over the browser UI, resulting in user confusion or spoofing attacks.
CVE-2022-45421 Mozilla developers Andrew McCreight and Gabriele Svelto found memory safety bugs in Thunderbird 102.4.
CVE-2022-29917 Mozilla developers found memory safety bugs in Firefox 99 and Firefox ESR 91.8.
CVE-2022-22756 Drag and drop of an image could lead to file being changed to run arbitrary code after user clicks.
CVE-2022-29909 Documents in deeply-nested cross-origin browsing contexts could have gained the top-level origin's permissions, bypassing the prompt and possibly inheriting the permissions.
CVE-2022-22748 Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program or handling an external URL protocol.
CVE-2022-29911 An improper implementation of code>allow-top-navigation-by-user-activation/code> could lead to script execution without code>allow-scripts/code> being present.
CVE-2022-22759 An iframe with sandboxed scripts wouldn't allow scripts if a document append element has a JavaScript event handler.
CVE-2022-36315 Subresource Integrity protects against script reuse when an injection attack occurs.
CVE-2022-22740 Network request handles were freed too early which could lead to a use after free and exploitable crash.
CVE-2022-36319 Overflow and transform can interfere with each other, resulting in unpredictable mouse behavior.
CVE-2022-22741 Resizing a popup while requesting fullscreen access would make it impossible to leave fullscreen mode.
CVE-2022-34481 An integer overflow could have occurred in the code>nsTArray_Impl::ReplaceElementsAt()/code> function when the number of elements to replace was too large.
CVE-2022-34485 Mozilla developers found vulnerabilities in Firefox 101.
CVE-2022-42932 Memory safety bugs were found in Thunderbird 102.3.
CVE-2022-34470 Session history navigations may have led to a use-after-free and potentially exploitable crash
CVE-2022-31747 Memory safety bugs were found in Firefox 100 and Firefox ESR 91.9.
CVE-2022-45408 Popups through windowName can go fullscreen without notification, spoofing attacks.
CVE-2022-36318 When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected
CVE-2022-31740 WASM code could cause a register allocation problem and exploitable crash on arm64.
CVE-2022-1802 An attacker could have corrupted the methods of an Array object to achieve execution of attacker-controlled code in a privileged context
CVE-2022-42928 An annotation missing in some allocated types could have lead to memory corruption and a crash.
CVE-2022-26486 An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.
CVE-2022-34479 A malicious website that shows a popup could take over the address bar and spoof users.
CVE-2022-3032 An code>iframe/code> element with a code>srcdoc/code> attribute could use remote objects inside the nested document, which were not blocked.
CVE-2022-42927 A same-origin policy violation could have allowed theft of cross-origin URL entries, leaking the result of a redirect.
CVE-2022-38473 An iframe with an XSLT document would have the parent domain's permissions.
CVE-2022-38472 XSLT error handling can be abused to associate attacker-controlled content with another origin. This could be used to fool the user into submitting data intended for the spoofed origin.
CVE-2022-38474 A website with microphone access could record audio without notification.
CVE-2022-0566 An attacker can write 1 byte outside of Thunderbird's bounds to exploit this vulnerability.
CVE-2022-28287 Text selection could cause text selection caching to behave incorrectly, causing a crash.
CVE-2022-28286 The layout of the iframe contents could have been changed in a way that could lead to user confusion or spoofing attacks.
CVE-2022-31736 A malicious website could have learned the size of a cross-origin resource.
CVE-2022-3033 An HTML email containing a code>meta/code> tag with the code>http-equiv="refresh"> attribute can be used to launch a DNS request and refresh the page. This can be used to launch a phishing attack.
CVE-2022-42931 The password was saved by the Form Manager, not the password manager.
CVE-2022-2505 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-31748 Gabriele Svelto, Timothy Nikkel, Randell Jesup, and the Mozilla Fuzzing Team found memory safety bugs in Firefox 100.
CVE-2022-1529 An attacker could have sent a message to the parent process and used the contents to double-index into a JavaScript object, leading to attacker-controlled JavaScript executing in the privileged parent process.
CVE-2022-38478 The Mozilla Fuzzing Team found memory safety bugs in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12.
CVE-2022-38476 Data races in the code>PK11_ChangePW/code> function could lead to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password.
CVE-2022-38477 Firefox 103 and ESR 102.1 have memory safety bugs.
CVE-2022-36320 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-28282 Using a link rel="localization"> could lead to a use-after-free and potential exploitable crash.
CVE-2022-34482 An attacker could trick a user to drag and drop an image to a filesystem to get an executable filename, which could contain malicious code.
CVE-2022-34478 The ms-msdt, search, and search-ms protocols bring content from browsers to Microsoft applications, avoiding the browser.
CVE-2022-42929 A browser may shut down if a site calls code>window.print()/code>, which may persist beyond browser restart.
CVE-2022-2200 An attacker can corrupt an object prototype to set undesired attributes, which can lead to privileged code execution.
CVE-2022-34480 An allocated pointer would be freed if one allocation fails.
CVE-2022-3034 An code>iframe/code> was specified in an HTML email, but Thunderbird didn't load the document.
CVE-2022-31737 An attacker wrote code outside of WebGL memory, which could lead to memory corruption and a crash.
CVE-2022-26381 An attacker could exploit a use-after-free to crash the browser.
CVE-2022-41654 The newsletter subscription functionality of Ghost Foundation 5.9.4 can be exploited to gain increased privileges.
CVE-2022-3775 Grub2's font code doesn't validate if the glyph's width and height is in bitmap size.
CVE-2022-2601 A buffer overflow was found in grub_font_construct_glyph()
CVE-2022-22488 IBM OpenBMC OP910 and OP940 could be vulnerable to denial of service if a user uploads or deletes many CA certificates.
CVE-2022-34318 IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim
CVE-2022-20689 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-20690 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-20686 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-20687 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-20691 The Cisco ATA 190 Series Adaptive Telephone Adapter has a vulnerability that could be exploited to cause a DoS condition.
CVE-2022-33186 Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, and earlier versions have a vulnerability that could allow a remote unauthenticated attacker to execute commands on the switch that could disable the switch or modify Zoning.
CVE-2022-41622 BIG-IP and BIG-IQ are vulnerable to CSRF attacks through iControl SOAP.
CVE-2022-41800 An Administrator user can bypass appliance mode restrictions with an undisclosed iControl REST endpoint.
CVE-2022-43548 An OS command injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed due to IsIPAddress not properly checking if an IP address is invalid.
CVE-2022-4252 SourceCodester Canteen Management System has a vulnerability that is classified as problematic. The manipulation leads to cross site scripting.
CVE-2022-4250 The vulnerability of the file booking.php is a problem because the id argument is manipulated by cross site scripting.
CVE-2022-36431 An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code.
CVE-2022-44294 The Sanitization Management System v1.0 is vulnerable to SQL Injection.
CVE-2022-1606 In M-Files Server versions before 22.3.11164.0 and 22.3.11237.1, user can read unmanaged objects if privilege assignment is incorrect.
CVE-2022-24441 The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project
CVE-2022-4231 A vulnerability has been found in Tribal Systems Zenario CMS 9.3.57595 that affects Remember Me Handler. Manipulation leads to session fixiation.
CVE-2022-3859 An uncontrolled search path vulnerability exists in versions of Trellix Agent prior to 5.7.8. An attacker can exploit this vulnerability to access files on the system.
CVE-2022-4189 An attacker could bypass navigation restrictions in Chrome with a malicious extension if they convince a user to install it.
CVE-2022-4176 An out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker to exploit heap corruption via UI interactions.
CVE-2022-36137 CRM version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS.
CVE-2022-41676 Raiden MAILD Mail Server website mail field has insufficient filtering for user input
CVE-2022-36136 The latest version of the ChurchCRM XSS vulnerabilities allow attackers to store XSS.
CVE-2022-41912 The crewjam/saml go library before version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9.
CVE-2022-2983 The Salat Times WordPress plugin 3.2.2 has security issues because it doesn't sanitize its settings and can be exploited to do Cross-Site Scripting attacks.
CVE-2022-3610 The Jeeng Push Notifications plugin before 2.0.4 has settings that could allow high privilege users to perform Stored Cross-Site Scripting attacks.
CVE-2022-3865 The WP User Merger plugin before 1.5.3 does not properly sanitise and escape a parameter, which allows users with a role as low as admin to inject SQL queries.
CVE-2022-45939 In GNU Emacs through 28.2, attackers can execute commands in the name of a source-code file because lib-src/etags.c uses the system C library function.
CVE-2022-39332 Nextcloud desktop sync client with desktop client application, attacker can inject HTML.
CVE-2022-41158 Vulnerable code can be created with cookie values as file paths.
CVE-2022-45206 Jeecg-boot v3.4.3 had a SQL injection vulnerability.
CVE-2022-44411 A web based quiz system transmits users passwords in plaintext, allowing attackers to obtain them via a bruteforce attack.
CVE-2022-40282 The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection
CVE-2022-45884 An issue was discovered in the Linux kernel through 6.0.9
CVE-2022-29825 An attacker can access sensitive information using an hard-coded password vulnerability in Mitsubishi Electric GX Works3 versions.
CVE-2022-29833 An attack can disclose sensitive information if Mitsubishi Electric Corporation GX Works3 is not properly protected against Inc. insufficiently protected credentials.
CVE-2022-25164 Mitsubishi Electric GX Works3 and MX OPC UA Module Configurator-R have a vulnerability that allows the disclosure of sensitive information if Cleartext Storage of Sensitive Information is enabled.
CVE-2022-26885 When using tasks to read config files, there is a risk of database password disclosure
CVE-2022-44120 dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php.
CVE-2022-45278 Jizhicms v2.3.3 contains a SQL injection vulnerability.
CVE-2022-45866 The qpress file editor before version 11.3 allows directory traversal via ../ in a .qp file.
CVE-2022-44140 Jizhicms v2.3.3 contains a SQL injection vulnerability.
CVE-2022-41875 An RCE vulnerability in Optica allows attackers to execute arbitrary code.
CVE-2022-41929 The xwiki-platform-oldcore package is missing authorization, which may allow a user with only Script rights to enable or disable a user.
CVE-2022-35501 Stored XSS exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 due to the duplicate post function.
CVE-2022-44255 An overflow in the pre-authentication function of the TOTOLINK LR350 V9.3.5u.6369_B20220309 has been found.
CVE-2022-45462 Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users.
CVE-2022-37772 Maarch RM 2.8.3 has an improper restriction of excessive authentication attempts due to excessive verbose responses from the application.
CVE-2020-23590 The Optilink V2.2 and V3.3.1 OP-XT71000N has a CSRF vulnerability that can be exploited to change the password for the WLAN SSID.
CVE-2020-23592 An unauthenticated, remote attacker can conduct a CSRF attack to reset the ONU to factory default.
CVE-2020-23591 An attacker can upload files through the " /mgm_dev_upgrade.asp " to delete all files for Denial of Service.
CVE-2022-37773 An SQL Injection vulnerability in the statistics page of Maarch RM 2.8 allows disclosure of all databases.
CVE-2022-41943 It is possible to execute commands on Gitserver's admin site when the experimental customGitFetch feature is enabled. This feature has now been disabled by default.
CVE-2022-44806 D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.
CVE-2022-44201 D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
CVE-2022-44187 Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri.
CVE-2022-42098 KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php.
CVE-2022-2513 IEDs are stored in a cleartext form in Hitachi Energy's ConnPack, PCM600 versions below.
CVE-2022-37931 NetBatch-Plus has a vulnerability, and HPE has provided a workaround and fix.
CVE-2022-41223 The Director database component of MiVoice Connect through 19.3 could be vulnerable to a code-injection attack.
CVE-2022-41936 The `modifications` API does not filter entries by user rights.
CVE-2022-41937 The XWiki Platform is a generic wiki platform that offers runtime services for applications built on it. The application allows anyone with view access to modify any page.
CVE-2022-30529 The asith-eranga ISIC tour booking has an upload vulnerability. An attacker can upload arbitrary files.
CVE-2022-43709 The Admin CP's Users module has a SQL injection vulnerability that allows remote users to modify the query string.
CVE-2022-43708 Attachments interface has XSS vulnerabilities that allow attackers to inject HTML.
CVE-2022-30258 Technitium DNS Server through 8.0.2 has V2 domain name resolution vulnerability, which can be exploited to resolve revoked or malicious domains.
CVE-2022-3388 An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600.
CVE-2022-38148 Silverstripe silverstripe/framework through 4.11 allows SQL Injection.
CVE-2022-45016 The XSS vulnerability in the WBCE CMS Search Settings module allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-45013 An XSS vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-4096 Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.
CVE-2022-3691 The DeepL Pro API translation plugin before 1.7.5 leaks sensitive information in its log files, including the API key.
CVE-2022-1581 WP-Polls pluginprioritized getting visitor IP over PHP's REMOTE_ADDR, which made it possible to bypass IP-based limitations to vote in certain situations.
CVE-2022-3600 The Easy Digital Downloads plugin before 3.1.0.2 has a bug that could lead to CSV injection.
CVE-2022-3589 An API endpoint used by Miele's "AppWash" was vulnerable to an authorization bypass.
CVE-2022-4084 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-4077 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-4072 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-4065 The cbeust testing tool has a critical vulnerability. The file testng-core/src/main/java/org/testng/JarFileUtils.java of the XML File Parser component has a vulnerability.
CVE-2022-4066 An issue was found in the function onion_response_flush of the file src/onion/response.c of the component Log Handler.
CVE-2022-41939 The kub::func library and CLI enables development and deployment of Kubernetes functions.
CVE-2022-31606 The NVIDIA GPU Display Driver has a vulnerability in the DxgkDdiEscape kernel mode handler that can allow an attacker with user capabilities to crash the system.
CVE-2022-41155 Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.
CVE-2022-31615 The NVIDIA GPU Display Driver has a vulnerability in the kernel mode layer that a local user can exploit to cause a denial of service.
CVE-2022-31612 An NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a local user with basic capabilities can cause an out-of-bounds read which may lead to a system crash or a leak of information.
CVE-2022-31617 The NVIDIA GPU Display Driver has a vulnerabilty that a local user with basic capabilities can cause an out of bounds read, which may lead to code execution, den h of service, or escalation of privilege.
CVE-2022-31613 An NVIDIA GPU Display Driver vulnerability in the kernel mode layer may lead to a kernel panic.
CVE-2022-34665 An attacker with local user access can cause a null-pointer dereference, which may lead to a denial of service.
CVE-2022-31610 An issue has been found in the NVIDIA GPU Display Driver. An attacker with local user access can cause an out-of-bounds write, which may lead to code execution or denial of service.
CVE-2022-34667 The NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability exploited by an unprivileged remote attacker who can convince a local user to download a specially crafted corrupted file.
CVE-2022-31616 An NVIDIA GPU driver has a vulnerability that a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service or information disclosure.
CVE-2022-31608 The NVIDIA GPU Display Driver has a vulnerability in D-Bus that a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, or escalation of privilege.
CVE-2022-44740 CSRF Vulnerabilities in Creative Mail plugin = 1.5.4 on WordPress.
CVE-2022-42459 Auth
CVE-2022-43492 Auth
CVE-2022-45082 Multiple Auth
CVE-2022-45163 An information disclosure vulnerability exists on NXP devices configured in SDP mode i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, and i.M.
CVE-2022-45132 Lava before 2022.11.1 has a Jinja2 remote code execution vulnerability.
CVE-2022-45073 REST API Authentication plugin = 2.4.0 has a CSRF vulnerability.
CVE-2021-37936 Kibana wasn't sanitizing document fields containing HTML, which allowed attackers to write arbitrary HTML.
CVE-2022-40216 Auth
CVE-2022-44584 Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
CVE-2021-33621 cgi gem before 0.1.0.2, 0.2.x, and 0.3.x allows HTTP response splitting.
CVE-2021-31739 SEPPmail is vulnerable to a Cross-Site Scripting vulnerability, as user input is not correctly encoded in HTML attributes when returned by the server.
CVE-2021-22141 An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16
CVE-2022-42497 Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.
CVE-2022-42698 Unauth
CVE-2022-44634 Auth
CVE-2022-41886 TensorFlow is an open source platform for machine learning that has a bug in its ImageProjectiveTransformV2 operation. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba
CVE-2022-41885 TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor, it overflows and is patched in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce.
CVE-2022-41898 TensorFlow is an open source machine learning platform. We patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8.
CVE-2022-41884 TensorFlow is an open source machine learning platform that can raise an error if a numpy array has a shape of one element with the others summing up to a large number.
CVE-2022-41888 TensorFlow is an open source platform for machine learning. When using GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that is not checked >
CVE-2022-41880 TensorFlow is an open source machine learning platform. When the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max, a heap oob read occurs.
CVE-2022-41908 TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 string will fail check in tf.raw_ops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645.
CVE-2022-41901 TensorFlow is an open source platform for machine learning. An input matrix with rank 0 will fail in "SparseMatrixNNZ"
CVE-2022-41883 TensorFlow is an open source platform for machine learning that has been patched for an issue where the executor crashes when given different input sizes.
CVE-2022-37197 IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.
CVE-2022-43673 Wire through 3.22.3993 deletes sent messages but can retrieve them from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database.
CVE-2022-43482 Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
CVE-2022-42461 Google Authenticator plugin = 5.6.1 has a Broken Access Control vulnerability.
CVE-2022-41805 The Booster for WooCommerce plugin has a CSRF vulnerability.
CVE-2022-41781 Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
CVE-2022-43463 Auth
CVE-2022-38974 WPML, a premium plugin for WordPress, has a vulnerability that allows users with subscriber or higher roles to change translation jobs.
CVE-2022-45471 Email throttling was missed in JetBrains Hub before 2022.3.15181.
CVE-2022-24038 Infraskope Security Event Manager has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed.
CVE-2022-24037 Infraskope Security Event Manager has an unauthenticated access, which could be exploited by an attacker.
CVE-2022-24939 An invalid packet can cause a stack overflow in the ZNet stack.
CVE-2022-43506 In Delta Electronics DIAEnergie v1.9.02.001, SQL Injection can be done via Network.
CVE-2022-36787 Webvendome - Webvendome SQL Injection
CVE-2022-39178 Webvendome's internal server IP is disclosed in a GET request.
CVE-2022-39179 College Management System v1.0 - Authenticated remote code execution
CVE-2022-45069 Auth
CVE-2022-45077 Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme <= 26.5.1.4 on WordPress.
CVE-2022-40192 Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
CVE-2022-43457 SQL Injection in Delta Electronics DIAEnergie v1.9.02.001
CVE-2022-43452 In Delta Electronics DIAEnergie versions before v1.9.02.001, SQL Injection can be injected.
CVE-2022-43447 Delta Electronics DIAEnergie allows SQL Injection via Network.
CVE-2022-43332 An XSS vulnerability in Wondercms v3.3.4 allows attackers to inject arbitrary web script or HTML.
CVE-2022-38165 Arbitrary write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with contents in arbitrary locations on F-Secure Policy Manager Server.
CVE-2022-44577 This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-44736 Auth
CVE-2022-45375 Auth
CVE-2022-44591 Auth
CVE-2022-45066 Auth
CVE-2022-28766 The Zoom Client for Meetings and Room before 5.12.6 are vulnerable to DLL injection.
CVE-2022-36786 DLINK router allows you to configure NTP servers via jsonrpc API.
CVE-2022-20459 Code execution can be redirected due to improper input validation. System execution privileges are needed.
CVE-2021-36905 Multiple Auth
CVE-2022-20428 An out of bounds write could lead to local escalation of privilege with System execution privileges.
CVE-2022-43096 Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.
CVE-2022-40694 Auth
CVE-2022-40200 Auth
CVE-2022-41775 In Delta Electronics DIAEnergie v1.9.02.001 and earlier, SQL Injection is possible via Network.
CVE-2022-20427 There is a possible way to corrupt memory and gain System execution privileges in (TBD) of (TBD).
CVE-2022-41315 Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress.
CVE-2022-41791 Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.
CVE-2022-41132 An unauthenticated plugin setting change vulnerability in Ezoic plugin = 2.8.8 on WordPress.
CVE-2022-45071 The premium WPML Multilingual plugin has a CSRF vulnerability.
CVE-2022-45072 The premium WPML Multilingual plugin has a CSRF vulnerability.
CVE-2022-42903 Zoho SupportCenter Plus allows low-privileged users to view the organization users list.
CVE-2022-44725 The LDS through 1.04.403.478 uses a hard-coded file path for a configuration file.
CVE-2022-38461 The WPML Access Control vulnerability in the premium plugin =4.5.10 can be exploited by users with a subscriber or higher role to change the plugin settings.
CVE-2022-43192 An upload control component of Dedecms v5.7.101 is vulnerable to an arbitrary code execution attack.
CVE-2021-31608 Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
CVE-2022-44001 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-43179 an SQL injection was found in the Leave Management System v1.0 admin component /admin/?page=user/manage_user&id=
CVE-2022-43163 An SQL injection vulnerability was found in the MDLMS v1.0 through the id parameter.
CVE-2022-43162 The id parameter of the a>NVDLMS v1.0 SQL injection vulnerability was found at /tests/view_test.php.
CVE-2022-43142 The add-fee.php component has an XSS vulnerability that can execute arbitrary web scripts, HTML files, or other dangerous content.
CVE-2022-41920 Lancet is a library for go that contains useful utility functions. An issue was found with zip fileutil, which is fixed in version 2.1.10 and 1.3.4.
CVE-2022-44402 Master.php?f=delete_transaction is vulnerable to SQL Injection.
CVE-2022-43138 Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges.
CVE-2022-42892 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-43140 The cn.keking.web.controller.OnlinePreviewController has a SSRF vulnerability.
CVE-2022-44384 An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code.
CVE-2022-42893 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-4051 Hostel Searching Project has a critical vulnerability involving unknown code. The manipulation of the argument property_id leads to sql injection.
CVE-2022-40751 UCD 6.2.7.0 through 7.2.3.1 may have a bug that allows an admin with "Manage Security" permissions to get files back.
CVE-2022-42954 Keyfactor EJBCA before 7.10.0 allows XSS.
CVE-2022-42982 NtripCaster 2.0.39 allows querying information over UDP without authentication. The NTRIP sourcetable is typically tens of kBs and can be requested with a packet of 30 bytes.
CVE-2022-42985 The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform XSS attacks.
CVE-2022-39834 A stored XSS vulnerability was found in PrimeKey EJBCA through 7.9.0.2.
CVE-2022-40881 SolarWinds IoT Device Management contains a command injection vulnerability.
CVE-2022-42245 Dreamer CMS 4.0.01 is vulnerable to SQL Injection.
CVE-2022-42246 Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account.
CVE-2021-38819 An SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through the "id" parameter.
CVE-2022-43782 Crowd affected versions allow attackers to authenticate as the application via security misconfiguration and call privileged endpoints.
CVE-2022-43781 An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system.
CVE-2022-42960 EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 has DOM XSS due to improper validation of message events to accessibility.js
CVE-2022-44005 BACKCLICK Professional 5.9.63 has a vulnerability that can reveal subscribers' e-mail addresses if the newsletter sign-up functionality uses consecutive IDs.
CVE-2022-44002 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-44003 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-44004 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-44006 An issue was found in BACKCLICK 5.9.63, which has a validating and sanitizing issue that allows uploading files to unintended locations.
CVE-2022-44000 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-44008 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-44007 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-43999 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-39318 FreeRDP is a library for remote desktop protocol and clients, but affected versions don't have input validation. A malicious server can trick a client to crash with a division by zero.
CVE-2022-39316 FreeRDP is a remote desktop protocol library and clients affected in versions out of bound read in ZGFX decoder component.
CVE-2022-43135 The v1.0 of the Diagnostic Lab Management System was discovered to contain a SQL injection vulnerability via the username parameter.
CVE-2022-39347 FreeRDP is a library and clients for remote desktop protocol. They're missing path canonicalization and base path checking for the `drive` channel.
CVE-2022-41877 FreeRDP is a library for remote desktop protocol, affected versions have input length validation in `drive` channel missing.
CVE-2022-41914 Zulip is an open-source team collaboration tool
CVE-2022-39320 FreeRDP is a library for remote desktop protocol and clients. An affected version may attempt integer addition on too narrow types and allocate a buffer too small holding the data written.
CVE-2022-39383 KubeVela is an application delivery platform. Users using the VelaUX API could be affected by this vulnerability.
CVE-2022-44069 Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.
CVE-2022-44073 Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts.
CVE-2022-44071 Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile.
CVE-2022-44070 Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles.
CVE-2022-43234 An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code.
CVE-2022-43263 An XSS vulnerability in Arobas Music Guitar Pro before v1.10.2 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43256 The SeaCms v12.6 was found to have a SQL injection vulnerability.
CVE-2022-43262 The Human Resource Management System v1.0 had a SQL injection vulnerability in the password parameter.
CVE-2022-4022 The SVG Support plugin defaults to insecure settings. Files with malicious javascript are not sanitized.
CVE-2022-4021 The Permalink Manager lite plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in versions up to 2.2.20.1.
CVE-2022-4018 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6
CVE-2022-3980 V5.0.0 - 9.7.4 Sophos Mobile on-premises has XEE SSRF and potential code execution vulnerabilities.
CVE-2022-3920 Consul and Consul Enterprise 1.13.0 to 1.13.3 do not filter out nodes and services that are used for the UI.
CVE-2022-41917 OpenSearch is a community-driven open source fork of Elasticsearch and Kibana that allows users to specify a local file.
CVE-2022-41918 OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana
CVE-2022-30768 Stored XSS flaw in ZoneMinder 1.36.12 allows Admin users to execute arbitrary HTML or JavaScript when they logout.
CVE-2022-29276 AhciBusDxe has SMI vulnerabilities, which lead to SMRAM corruption. This was discovered by Insyde during security review.
CVE-2022-30769 An attacker can poison a session cookie to the next logged-in user in ZoneMinder 1.36.12.
CVE-2022-4006 A vulnerability in WBCE CMS is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler.
CVE-2022-20943 Multiple vulnerabilities in the SMB2 processor of the Snort detection engine could allow an unauthenticated, remote attacker to bypass the configured policies or cause a DoS.
CVE-2022-20941 The web-based management interface of Cisco Firepower could be vulnerable to an unauthenticated, remote attacker who could access sensitive information.
CVE-2022-42785 Multiple W&T products of the ComServer Series are prone to an authentication bypass
CVE-2020-12508 An attacker in versions before 4.2 could get any file on the device by path traversal in the image-relocator module.
CVE-2022-38385 The IBM Cloud Pak for Security 1.10.0.0 through 1.10.2.0 could be exploited by an authenticated user to obtain sensitive information or perform unauthorized actions.
CVE-2020-12507 An attacker with access to monit tool 4.2 could access the database by injection.
CVE-2022-40753 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting
CVE-2022-30771 The initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions.
CVE-2022-43265 An upload vulnerability in the Canteen Management System v1.0 component /pages/save_user.php allows attackers to execute arbitrary code.
CVE-2022-29275 Untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering and lead to escalation of privileges. This issue was discovered by Insyde during security review.
CVE-2022-20940 An vulnerability in Cisco Firepower Threat Defense could allow an attacker to gain access to sensitive information.
CVE-2022-20949 The management web server of Cisco Firepower Threat Defense could be exploited by an authenticated, remote attacker with high privileges.
CVE-2022-38201 Esri Portal for ArcGIS Quick Capture Web Designer has an unvalidated redirect vulnerability.
CVE-2022-20839 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-20935 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-45389 An missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs for an attacker-specified repository.
CVE-2022-45381 Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier doesn't restrict the set of enabled prefix interpolators and bundles and allows attackers to download and execute arbitrary code.
CVE-2022-45393 An CSRF vulnerability in the Delete log Plugin 1.0 and earlier allows attackers to delete build logs.
CVE-2022-45398 An CSRF vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CVE-2022-45383 The permission check in the Support/DownloadBundle plugin was flawed and could be abused by attackers with Support/DownloadBundle permission.
CVE-2022-45394 An attacker with Item/Read permission can delete build logs.
CVE-2022-27895 Foundry was vulnerable to log files being captured due to an issue in earlier versions.
CVE-2022-45380 Jenkins JUnit Plugin converted HTTP(S) URLs to clickable links which were unsafe, resulting in a XSS vulnerability that is exploitable by attackers with Item/Configure permission.
CVE-2022-45387 The Jenkins BART Plugin 1.0.3 and earlier does not escape the content of build logs before rendering it on the UI, resulting in a XSS vulnerability.
CVE-2022-45390 An error in the Jenkins loader.io plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-45399 An permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CVE-2022-45382 Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds, resulting in a stored XSS vulnerabi l. This can be exploited by attackers who can edit build display name.
CVE-2022-45391 Jenkins NS-ND Integration Performance Plugin 4.8.0.143 and earlier disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
CVE-2022-3998 A critical vulnerability was found in Monika Brzica scm. It is possible to inject sql script to manipulate the id argument. This is a remote attack.
CVE-2022-41611 An XSS vulnerability in the BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML.
CVE-2022-3895 UI components aren't sanitizing output and are prone to XSS.
CVE-2022-41789 BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.
CVE-2022-3893 BlueSpice Custom Menu extension can be exploited via XSS attack by an admin user.
CVE-2022-42000 BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
CVE-2022-3958 BlueSpiceUserSidebar extension has XSS flaw that allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-42001 BlueSpiceBookshelf extension allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-41814 BlueSpiceFoundation extension allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
CVE-2022-3240 The "Follow Me Plugin" is vulnerable to Cross-Site Request Forgery up to 3.1.1 due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function.
CVE-2022-40309 Users with write permissions to a repository can delete arbitrary directories.
CVE-2022-40308 If anonymous read enabled, it's possible to read the database file directly without logging in.
CVE-2022-3480 An attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending more unauthenticated HTTPS connections from different source IP's.
CVE-2022-33237 Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold
CVE-2022-25674 Cryptographic issues in WPA/WPA2 group key handshake in Snapdragon Consumer, Industrial, and Voice & Music.
CVE-2022-25741 Denial of service in WLAN due to potential null pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, and more.
CVE-2022-25724 Graphics buffer overflow vulnerability in Snapdragon Auto, Compute, Connectivity, IOT, Mobile, Voice & Music.
CVE-2022-25742 Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server.
CVE-2022-25727 Memory corruption in consumer and industrial IoT devices due to improper length check.
CVE-2022-25667 The Snapdragon Wired Infrastructure and Networking component handles ICMP requests improperly, which exposes information disclosure.
CVE-2022-45402 In Airflow versions prior to 2.4.3, there was an open redirect in the webserver's /login endpoint.
CVE-2022-41396 An AC 1200 W15Ev2 router was found to have multiple command injection vulnerabilities in the function setIPsecTunnelList.
CVE-2022-40846 Tenda AC1200 Router has a stored XSS vulnerability that allows an attacker to execute JavaScript code via the applications stored hostname.
CVE-2022-40844 An issue with Tenda's W15Ev2 AC1200 router's applications' filtering tab allows an attacker to execute JavaScript code via the URL.
CVE-2022-42053 An AC1200 router was found to have a command injection vulnerability in the setPortMapping function.
CVE-2022-42060 An AC1200 router model W15Ev2 was discovered to have a stack overflow vulnerability.
CVE-2022-41395 An AC1200 router with a command injection vulnerability was discovered. The vulnerable function is setDMZ.
CVE-2022-42058 The Tenda AC1200 router model W15Ev2 V15.11.0.10(1576) had a stack overflow vulnerability.
CVE-2022-42129 An IDOR vulnerability in the Liferay Portal DXP and 7.3-7.4 modules allows remote attackers to view and access form entries.
CVE-2022-42131 Liferay products are affected by SSL certificate validation in the Dynamic Data Mapping module's REST data providers.
CVE-2022-40847 There is a command injection vulnerability in the function formSetFixTools in Tenda W15Ev2 V15.11.0.10(1576).
CVE-2022-42126 The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8 and 7.4 before update 29 doesn't properly check permissions, which allows remote attackers to view asset libraries.
CVE-2022-42119 Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module
CVE-2022-42111 An XSS vulnerability in Liferay Portal's user notification module allows attackers to inject arbitrary web script or HTML.
CVE-2022-42127
CVE-2022-42121 SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA. It can allow remote attackers to execute arbitrary SQL commands.
CVE-2022-42123 The Elasticsearch Connector and Liferay DXP have a Zip Slip vulnerability. They can overwrite existing files on the filesystem.
CVE-2022-42128 Liferay Portal and DXP don't properly check permissions, which allows remote attackers to obtain a WikiNode object.
CVE-2022-35613 Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF).
CVE-2022-33985 DMA transactions for NvmExpressDxe software could cause SMRAM corruption.
CVE-2022-33906 DMA transactions that are used by FwBlockServiceSmm software SMI handler could cause SMRAM corruption.
CVE-2022-33905 DMA transactions for AhciBusDxe software SMI handler could cause SMRAM corruption.
CVE-2022-42110 An XSS vulnerability in Liferay Portal and Liferay DXP allows remote attackers to inject arbitrary web script.
CVE-2022-33986 DMA attacks on the SMI handler's parameter buffer could lead to a TOCTOU attack.
CVE-2022-40405 The online community platform v4.1.2 was found to have a SQL injection vulnerability.
CVE-2022-33908 DMA transactions could corrupt SMRAM through a TOCTOU attack.
CVE-2022-33909 DMA transactions used by the HddPassword software SMI handler could cause SMRAM corruption.
CVE-2022-42984 The offset parameter of the WoW Wonder social network platform was found to be vulnerable to SQL injection.
CVE-2022-33983 DMA transactions used for NvmExpressLegacy software could cause SMRAM corruption.
CVE-2022-43689 Concrete CMS is vulnerable to XXE DNS requests that disclose IPs.
CVE-2022-43688 Concrete CMS 8.5.10 and 9.0.0 to 9.1.2 is vulnerable to Stored XSS because the Microsoft application tile color is not sanitized.
CVE-2022-43690 In CMS below 8.5.10, the legacy_salt function was not compared strictly, allowing authentication bypass if used.
CVE-2022-43030 An RCE vulnerability was found in SIYUCMS, a content management system.
CVE-2022-40903 Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 doesn't mitigate failed access attempts, which allows attackers to gain admin privileges.
CVE-2022-43687 Concrete CMS 9.0.0 - 9.1.2 does not issue a new session ID upon successful OAuth authentication.
CVE-2022-34325 DMA transactions which are used for the StorageSecurityCommandDxe SMI handler could cause SMRAM corruption.
CVE-2022-40735 The Diffie-Hellman Key Agreement Protocol allows use of long exponents that can be expensive when using short exponents.
CVE-2022-43691 Concrete CMS 9.0.0 to 9.1.2 have security issues when Debug Mode is on in production.
CVE-2022-33982 DMA attacks on the Int15ServiceSmm parameter buffer could lead to a TOCTOU attack on the SMI handler and lead to SMRAM corruption.
CVE-2022-43686 In Concrete CMS, the authTypeConcreteCookieMap table can be filled up causing a denial of service.
CVE-2022-43294 Tasmota was found to have a stack overflow in ClientPortPtr at lib/libesp32/rtsp/CRtspSession.cpp.
CVE-2022-43968 Reflected XSS was found in 9.0.0-9.1.2 versions of Concrete CMS below 8.5.10 and between dashboard icons.
CVE-2022-43967 CMS below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS due to un-sanitized output.
CVE-2022-37109 Camp Fuller is vulnerable to Incorrect Access Control.
CVE-2022-43295 XPDF v4.04 had a stack overflow vulnerability in the function FileStream::copy().
CVE-2022-43146 An arbitrary file upload vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary code.
CVE-2022-3362 Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.
CVE-2022-41913 Discourse-calendar adds calendar functionality to the first post of a topic.
CVE-2022-44389 EyouCMS V1.5.9-UTF8-SP1 was found to have a Cross Site Request Forgery vulnerability in the Edit Admin Profile module.
CVE-2022-43323 EyouCMS V1.5.9-UTF8-SP1 was found to have a CSRF vulnerability in the Top Up Balance component.
CVE-2022-44387 EyouCMS V1.5.9-UTF8-SP1 had a CSRF vulnerability in the Basic Information component of the Edit Member module.
CVE-2022-44390 An XSS vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-34320 IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow attackers to decrypt sensitive information.
CVE-2022-43694 CMS below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS due to un-sanitized output.
CVE-2022-43692 Reflected XSS can be exploited by a user if the targeted administrator is using an older browser that lacks XSS protection.
CVE-2022-34313 IBM CICS TX 11.1 doesn't set the secure attribute on authorization tokens or session cookies. This makes it easier for attackers to get the cookie values or send a http:// link to a user and plant the link.
CVE-2022-3993 Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
CVE-2022-38705 IBM CICS TX 11.1 Standard and Advanced could be vulnerable to a reverse tabnabbing flaw that could be exploited to redirect victims to phishing sites.
CVE-2022-43342 An XSS vulnerability in Eramba GRC Software c2.8.1's Add function allows attackers to inject arbitrary web scripts or HTML.
CVE-2022-45136 Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker controls the JDBC URL or causes the underlying database server to return malicious data.
CVE-2021-40272 OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).
CVE-2022-43288 The v3.2.1 version of the Rukovoditel software contains a SQL injection vulnerability.
CVE-2022-3484 The WPB Show Core plugin through TODO does not sanitise and escape a parameter, which can lead to Reflected Cross-Site Scripting.
CVE-2022-2449 The reSmush.it: the free Image Optimizer and compress plugin doesn't perform CSRF checks, allowing an attacker to trick logged in users to perform actions on their behalf.
CVE-2022-3477 The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper and Newsmag WordPress themes, doesn't properly implement Facebook login, which allows attackers to login as any use.
CVE-2022-3538 The Webmaster Tools Verification plugin through 1.2 doesn't have authorisation and CSRF, allowing unauthenticated users to disable arbitrary plugins.
CVE-2022-2450 The reSmush.it: the only free Image Optimizer & compress plugin before 0.4.4 lacks authorization, which allows subscribers to call it.
CVE-2022-3574 The WPForms Pro plugin before 1.7.7 does not validate form data when exporting, which could lead to CSV injection.
CVE-2022-3469 The WP Attachments plugin before 5.0.5 has an unsafe setting that could allow high-privilege users to do Stored Cross-site Scripting.
CVE-2022-3539 The Testimonials and Super-testimonial-pro plugins before 1.0.8 are not sanitizing and escaping their settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks.
CVE-2022-3578 The ProfileGrid WordPress plugin before 5.1.1 is vulnerable to Reflected XSS, which could be used to steal cookies and other data.
CVE-2022-3631 The OAuth plugin through 1.1.0 doesn't sanitize and escape some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks.
CVE-2022-45378 Apache SOAP's RPCRouterServlet has no authentication, which gives attackers the ability to invoke methods on the classpath.
CVE-2022-40127 An attacker with UI access can execute arbitrary commands via a DAG run_id parameter.
CVE-2022-45184 The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal, which can be used to create, delete, update and display files outside of the configuration directory, with administrator privilege.
CVE-2022-45183 Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID.
CVE-2022-31630 Before 7.4.33, 8.0.25, and 8.2.12, gd extension's imageloadfont() could be used to load a font that would be read outside allocated buffer.
CVE-2022-45198 Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
CVE-2022-45199 Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
CVE-2021-38828 Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to traffic sniffing.
CVE-2022-3979 NagVis up to 1.9.33 is vulnerable to a problem in the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. This could lead to an authentication bypass.
CVE-2022-3976 An exploit has been found in MZ Automation 1.4 and classified as critical. This vulnerability affects MMS File Services.
CVE-2022-3978 A vulnerability was found in NodeBB up to 2.5.7, which can be exploited to make remote requests forgery.
CVE-2022-3973 A critical vulnerability has been found in Pingkon HMS-PHP Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection.
CVE-2022-3971 A critical vulnerability was found in matrix-appservice-irc up to 0.35.1. The manipulation of the argument roomIds leads to sql injection.
CVE-2022-3974 A critical vulnerability was found in Axiomatic Bento4. The affected function is AP4_StdcFileByteStream::ReadPartial of the mp4info component.
CVE-2022-3972 An issue was found in Pingkon HMS-PHP. It is critical and affects admin/adminlogin.php processing. The argument uname/pass can be manipulated to lead to sql injection.
CVE-2022-3975 A vulnerability in NukeViet CMS's Data URL Handler is the function filterAttr. It's affected by the issue.
CVE-2022-3965 An issue was found in ffmpeg's smc_encode_stream function. This vulnerability affects the QuickTime Graphics Video Encoder component.
CVE-2022-3970 a critical vulnerability was found in LibTIFF, which could be exploited remotely.
CVE-2022-3968 A vulnerability in emlog has been found and is being labelled as a problem. The manipulation of the argument tag leads to cross site scripting.
CVE-2022-3966 A critical vulnerability was found in Ultimate Member Plugin up to 2.5.0. This vulnerability affects the function load_template of the file includes/core/class-shortcodes.php of the Template Handler component.
CVE-2022-3967 Vesta Control Panel had a critical vulnerability where a function of the file sed Handler was manipulated, leading to argument injection.
CVE-2022-3964 A vulnerability has been found in ffmpeg. The manipulation of the argument y_size leads to an out-of-bounds read.
CVE-2022-3963 An issue was found in gnuboard5, a component of FAQ Key ID Handler. The fm_id argument can be manipulated to perform a cross-site scripting attack.
CVE-2022-45196 An attacker can cause a denial of service by sending a crafted Fabric 2.3 channel tx with the same name.
CVE-2022-45195 The key derivation function in SimpleXMQ before 3.4.0 is not applied to data, which can impact forward secrecy and if there is a compromise of a single private key.
CVE-2022-38650 An unauthenticated deserialization flaw exists in VMware Hyperic Server 5.8.6.
CVE-2022-38651 An attacker can exploit a security filter misconfiguration in VMware Hyperic Server 5.8.6 to bypass authentication requirements.
CVE-2022-38652 An insecuar deserialization vulnerability exists in VMWare Hyperic Agent 5.8.6
CVE-2022-41339 In MDM Plus, user privileges can be escalated.
CVE-2022-43671 In Zoho ManageEngine Password Manager Pro, PAM360, and Access Manager Plus before 4306, SQL Injection is possible.
CVE-2022-43672 In PAM360, Password Manager Pro, and Access Manager Plus, SQL Injection (CVE-2022-43671) was found in a different software component.
CVE-2022-45194 CBRN-Analysis before 22 allows XXE attacks, leading to NTLMv2-SSP hash disclosure.
CVE-2022-45193 CBRN-Analysis before 22 has weak file permissions, which might lead to disclosure of file contents or privilege escalation.
CVE-2022-41905 WebDAV server WSGI is vulnerable to XSS attacks, which has been patched in version 4.1.0.
CVE-2022-45182 Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.
CVE-2022-41882 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer
CVE-2022-41906 OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc.
CVE-2022-41904 Element iOS is a Matrix client based on the MatrixSDK. Before version 1.9.7, events encrypted using Megolm that could not be trusted were unmarked.
CVE-2022-36776 IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting
CVE-2022-29515 Memory release in Intel SPS firmware may be exploited to cause denial of service.
CVE-2021-33064 An uncontrolled search path in the software installer for Intel System Studio may allow for privilege escalation.
CVE-2022-26006 In the BIOS, improper input validation may allow a privileged user to enable escalation of privilege via local access.
CVE-2021-33159 An improper authentication in subsystem may allow privilege escalation.
CVE-2022-30548 An attacker can control a local search path element to escalate privilege.
CVE-2022-26508 Inauthentic authentication in the SDP Tool may allow disclosure of information via network access.
CVE-2022-26047 Input validation for Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi may be improperly performed, allowing unauthenticated user to enable denial of service.
CVE-2022-29486 The Intel Hyperscan library had buffer restrictions that could be abused by an unauthenticated user. This could lead to privilege escalation.
CVE-2021-33164 An improper BIOS access control may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-33176 In BIOS firmware for some Intel NUC 11 Performance kits and mini PCs, improper input validation may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-32569 BIOS firmware restrictions may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-26341 Incompentent credentials in Intel AMT SDK, EMA, and MC may allow user to escalate privileges via network.
CVE-2022-36380 The Intel NUC Kit Wireless Adapter installer has an uncontrolled path, which could be exploited by an attacker to gain privileges.
CVE-2022-27499 The Intel(R) SGX SDK premature release may allow a privileged user to potentially enable information disclosure.
CVE-2022-26367 Buffer restrictions in Intel XMM 7560 modem software before M2_7560_R_01.2146.00 may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-3943 An issue was found in ForU CMS. The function cms_chip.php is vulnerable to cross site scripting. This can be done remotely.
CVE-2022-3944 A vulnerability was found in jerryhanjj ERP, affecting the function uploadImages of the component Commodity Management.
CVE-2022-3942 An issue was found in SourceCodester Sanitization Management System and it is considered problematic. It may lead to cross site scripting.
CVE-2022-3941 Activity Log Plugin has a critical vulnerability affecting unknown code.
CVE-2022-41873 Versions of Contiki-NG prior to 4.9 are vulnerable to an Out-of-bounds read.
CVE-2022-36938 The Redex Loader in DexClassLoader prior to 3b44c64 can load an out of bound address and could lead to remote code execution.
CVE-2021-0185 In early Intel Server Board M10JNP Family firmware, improper input validation may allow a privileged user to enable an escalation of privilege.
CVE-2022-40981 Remote Access Server 4.5.0 and earlier is vulnerable to malicious file upload.
CVE-2022-3703 The ETIC Telecom RAS 4.5.0 and earlier is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and privilege escalation.
CVE-2022-40225 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-42460 An access control vulnerability in the Traffic Manager plugin = 1.4.5 on WordPress allows for XSS.
CVE-2022-41607 V4.5.0 and earlier's API is vulnerable to directory traversal through several methods
CVE-2022-41879 Parse Server is an open source backend that runs on Node.js.
CVE-2022-35740 Semicolon in a URL can be used to bypass access control and get sensitive information.
CVE-2022-26088 An issue was found in BMC Remedy 22.1 with Email-based Incident Forwarding. Remote users can inject HTML into the Activity Log by placing it in the To: field.
CVE-2022-43679 OwnCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless.
CVE-2022-39392 Wasmtime's pooling allocator has a bug when the allocator is configured to give WebAssembly instances 0 pages of memory.
CVE-2022-43074 AyaCMS v3.1.2 had an arbitrary file upload vulnerability via the /admin/fst_upload.inc.php component.
CVE-2022-39393 Wasmtime is a standalone runtime for WebAssembly
CVE-2021-40289 mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS).
CVE-2021-40226 xpdfreader 4.03 is vulnerable to Buffer Overflow.
CVE-2022-36022 Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM
CVE-2022-45063 In older versions of tmux, there was a font operation vulnerability that allowed command execution. This is no longer the case.
CVE-2022-34666 An attacker with local user access can cause a null-pointer dereference, which may lead to a denial of service.
CVE-2022-38122 UPSMON PRO transmits sensitive data in cleartext over HTTP protocol
CVE-2022-39037 Agentflow BPM file download function has a path traversal vulnerability
CVE-2022-44088 The ESPCMS P8.21120101 component has a RCE vulnerability.
CVE-2022-39038 Agentflow BPM enterprise management system has improper authentication
CVE-2022-42786 Multiple W&T Products of the ComServer Series are prone to an XSS attack
CVE-2022-45130 CSRF attack possible via the /api/v2/cli/commands REST API.
CVE-2022-45129 Payara before 2022-11-04 allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422.
CVE-2022-3486 An open redirect vulnerability in GitLab EE/CE older than 15.3.5, 15.4.4, and 15.5.2 allows attackers to redirect users to an arbitrary location if they trust the URL.
CVE-2022-39307 Grafana is an open-source monitoring platform. The password forgotten page sends a POST request to the /api/user/password/sent-reset-email URL.
CVE-2022-41045 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-41090 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
CVE-2022-41061 Microsoft Word Remote Code Execution Vulnerability.
CVE-2022-41073 Windows Print Spooler Elevation of Privilege Vulnerability.
CVE-2022-41047 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-41114 Windows Bind Filter Driver Elevation of Privilege Vulnerability.
CVE-2022-41106 Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41063.
CVE-2022-41113 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability.
CVE-2022-41125 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability.
CVE-2022-39887 An access control vulnerability in MiscPolicy prior to SMR Nov-2022 Release 1 allows a local attacker to configure EDM settings.
CVE-2022-41128 Windows Scripting Languages Remote Code Execution Vulnerability
CVE-2022-41050 Windows Extensible File Allocation Table Elevation of Privilege Vulnerability.
CVE-2022-41049 Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability.
CVE-2022-39890 In Samsung Billing 5.0.56.0, improper authorization allows attacker to get sensitive information.
CVE-2022-41092 Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41109.
CVE-2022-41063 Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41106.
CVE-2022-41048 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-41102 Windows Overlay Filter Elevation of Privilege Vulnerability
CVE-2022-41098 Windows GDI+ Information Disclosure Vulnerability.
CVE-2022-39306 Grafana older versions are vulnerable to Improper Input Validation, inviting other members to the admin's organization.
CVE-2022-41099 BitLocker Security Feature Bypass Vulnerability.
CVE-2022-39883 Error in StorageManagerService prior to SMR Nov-2022 Release 1 allows attacker to call privileged API.
CVE-2022-41103 Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41060.
CVE-2022-41097 Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability.
CVE-2022-41062 Microsoft SharePoint Server Remote Code Execution Vulnerability.
CVE-2022-38015 Windows Hyper-V Denial of Service Vulnerability.
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-41093 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVE-2022-39881 In-bound SIB12 PDU can be read out of bounds memory in Exynos modems prior to SMR Sep-2022 release.
CVE-2022-27674 An attacker may be able to bypass bounds checks and crash the Windows kernel, resulting in denial of service.
CVE-2022-44546 The kernel module has a vulnerability where the memory is not cleared after the module is unloaded.
CVE-2022-31688 Assist prior to 22.10 contains a Reflected XSS vulnerability.
CVE-2022-29836 In 2018, a Path Traversal vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices. This could allow attackers to abuse certain parameters to access the device's files.
CVE-2022-31685 VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability
CVE-2022-43310 An uncontrolled search path element in Foxit Software's Foxit Reader v11.2.118.51569 allows attackers to escalate privileges.
CVE-2022-43031 DedeCMS v6.1.9 has a CSRF flaw that allows attackers to add administrator accounts and modify admin passwords.
CVE-2022-23831 AMD ?Prof may fail to validate IOCTL input buffer, which may lead to a Windows kernel crash and denial of service.
CVE-2022-44549 The LBS module has a vulnerability in geofencing API access
CVE-2022-44552 The lock screen module has defects introduced in the design process
CVE-2022-44561 The preset launcher module has a permission verification vulnerability
CVE-2022-31687 VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability
CVE-2022-44548 There is a vulnerability in permission verification during the Bluetooth pairing process
CVE-2022-31686 VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability
CVE-2022-27673 Inadequate access controls in the AMD Link Android app may result in information disclosure.
CVE-2022-44551 The iaware module has a vulnerability in thread security
CVE-2022-44560 The launcher module has an Intent redirection vulnerability
CVE-2022-44550 The graphics display module has a UAF vulnerability when traversing graphic layers
CVE-2022-25932 InHand Networks InRouter302 V3.5.45 fixes TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete
CVE-2021-34577 The value of the Kaden PICOFLUX AiR water meter can be read through wireless M-Bus mode 5 with a hardcoded shared key.
CVE-2021-34579 FL MGUARD DM on Microsoft Windows doesn't require login credentials if it's configured during installation. Attackers can access the Apache web server.
CVE-2021-34569 In WAGO I/O-Check Service, an attacker can crash the diagnostic tool and write memory.
CVE-2021-34566 An attacker can send a malicious packet to crash the iocheck process and write memory to DoS WAGO I/O-Check Service.
CVE-2022-43118 An XSS vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML.
CVE-2021-34568 In WAGO I/O-Check Service, an unauthenticated remote attacker can send a packet to cause a denial of service.
CVE-2021-34567 WAGO I/O-Check Service can be abused to send malicious packets and provoke a denial of service and an out-of-bounds read.
CVE-2022-43277 Canteen Management System v1.0 had an arbitrary file upload vulnerability.
CVE-2022-43278 The Canteen Management System v1.0 had a SQL injection vulnerability in the categoriesId parameter of /php_action/fetchSelectedCategories.php.
CVE-2022-43119 An XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43121 An XSS vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web script or HTML.
CVE-2022-43120 An XSS vulnerability in Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43320 FeehiCMS v2.1.1 has a reflected XSS vulnerability via the id parameter.
CVE-2022-3888 An attacker can exploit heap corruption in Google Chrome prior to 107.0.5304.106 to gain remote access.
CVE-2022-39328 Grafana is an open-source platform for monitoring and observability
CVE-2022-20462 phNxpNciHal has an out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-41214 An attacker with high privileges can delete a file which is otherwise restricted.
CVE-2021-1050 In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-3821 An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c
CVE-2022-41208 An attacker with user privileges can alter a user's session.
CVE-2022-41260 An attacker can inject a web script via a GET request in SAP Financial Consolidation 1010, which does not encode user-controlled input.
CVE-2022-41212 SAP NetWeaver Application Server allows an attacker with high privileges to read files which are otherwise restricted.
CVE-2022-32603 In gpu drm, there is a out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges.
CVE-2022-26446 Modem 4G RRC has a possible system crash due to improper input validation. This could lead to remote denial of service.
CVE-2022-32618 In typec, there is a possible out-of-bounds write due to an incorrect calculation of buffer size, which could lead to local escalation of privilege, with no additional execution privileges needed.
CVE-2022-39377 System performance tools for Linux called issud is vulnerable to a size_t overflow in allocate_structures prior to version 12.7.1.
CVE-2022-33322 Mitsubishi Electric products contain cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform a MITM attack and inject malicious script codes.
CVE-2022-42494 An SSRF vulnerability in All in One SEO Pro plugin = 4.2.5.1 on WordPress.
CVE-2022-27858 CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.
CVE-2022-40632 gVectors Team wpForo Forum plugin = 2.0.5 vulnerable to CSRF leading to topic deletion.
CVE-2022-44318 PicoC Version 3.2.2 had a buffer overflow in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-44314 PicoC 3.2.2 had a buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-44320 PicoC Version 3.2.2 had a buffer overflow in ExpressionCoerceFP in expression.c when called from ExpressionParseFunctionCall.
CVE-2022-44317 PicoC 3.2.2 had a buffer overflow in StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.
CVE-2022-44313 PicoC 3.2.2 had an exploitable buffer overflow in the ExpressionCoerceUnsignedInteger function that could lead to remote code execution.
CVE-2022-44316 PicoC 3.2.2 had a buffer overflow in the LexGetStringConstant function when called from LexScanGetToken.
CVE-2022-44315 PicoC Version 3.2.2 had a heap buffer overflow in ExpressionAssign when called from ExpressionParseFunctionCall.
CVE-2022-41434 The EyesOfNetwork Web Interface v5.3 has an XSS vulnerability.
CVE-2022-31199
CVE-2022-41432 The EyesOfNetwork web interface had a reflected XSS vulnerability.
CVE-2022-41433 The EyesOfNetwork Web Interface v5.3 had a reflected XSS vulnerability.
CVE-2022-43359 Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c had an out-of-bounds read in the function read_image_data.
CVE-2022-43049 The Canteen Management System Project v1.0 had a SQL injection vulnerability.
CVE-2022-43046 Ordering Management System v1.0 had a XSS vulnerability in the /foms/place-order.php component.
CVE-2022-43050 The v1.0 of Tours & Travels Management System had a file upload vulnerability.
CVE-2022-3878 A critical vulnerability has been found in Maxon ERP. Manipulation of the argument tb_search leads to sql injection.
CVE-2022-44048 The d8s-urls for python included a backdoor inserted by a third party. This is the democritus-domains package.
CVE-2022-43317 An XSS vulnerability in HRMS v1.0's /hrm/index.php?msg allows attackers to execute arbitrary web script or HTML.
CVE-2022-44050
CVE-2022-43319 An information disclosure vulnerability in the component vcs/downloadFiles.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.
CVE-2022-42955 The PassWork extension 5.0.9 allows attackers to obtain cleartext cached credentials.
CVE-2022-3536
CVE-2022-3558 The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.
CVE-2020-12509 An attacker could get files on an older version of CanMoni's tools by path traversal.
CVE-2022-3489 The WP Hide plugin through 0.0.2 doesn't have authorisation and CSRF checks, which allows unauthenticated attackers to update the custom_wpadmin_slug settings.
CVE-2022-3494 The Complianz WordPress plugin before 6.3.4, and Complianz Premium before 6.3.6 allow translators to inject arbitrary SQL.
CVE-2022-3537 The Role Based Pricing plugin before 1.6.2 has no authorisation and validation for uploaded files, which allows anyone to upload arbitrary files, like PHP.
CVE-2022-44795 Object First 1.0.7.712 has a Web Service flaw that could lead to local information disclosure. The command that creates the support bundle's URL uses an insecure RNG.
CVE-2022-44796 Object First's authorization service has a flow that allows getting access to the Web UI without knowing credentials.
CVE-2022-44794 Object First has an issue where a remote attacker can execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters.
CVE-2022-44797 For older versions of lnd and other Bitcoin-related products, forgets to check witness size.
CVE-2022-44793 Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash.
CVE-2022-44792 Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to crash the instance.
CVE-2022-42905 WOLFSSL before 5.5.2 had a potential buffer over-read issue if callback functions were enabled.
CVE-2022-37710 Dental Eaglesoft 21 has AES-256 encryption with key backup/retrieval or DbEncryptKeyPrimary > Encryption Key.
CVE-2022-44544 Ghostscript could potentially be exploited to trigger a remote shell. This is the case if the site is running on Ubuntu and the flag -dSAFER isn't set.
CVE-2022-42707 Mahara 21.04, 21.10, 22.04, and 22.10 has embedded images accessible without a sufficient permission check if certain conditions are met.
CVE-2022-38660 HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability
CVE-2022-41671 An Injection CWE-89 exists in SQL Command that allows adversaries with local user privileges to craft a malicious query and execute as part of project migration.
CVE-2022-41669 An improper verification of cryptographic signature vulnerability exists in the SGIUtility component. This could lead to the execution of malicious code if a malicious DLL is loaded.
CVE-2022-41667 An adversary with local user privileges can load a malicious DLL to execute malicious code. This is a CWE-22 vulnerability.
CVE-2021-41574 Reject this candidate number. It was not a vulnerability.
CVE-2022-44724 The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows attackers to inject arbitrary HTML or JavaScript via a XSS vulnerability.
CVE-2022-42743 deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object
CVE-2022-43063 The id parameter of the v1.0 edition of the Lab Management System was vulnerable to SQL injection.
CVE-2022-42746 The 3.0.0 version of the CandidATS API allows an attacker to steal cookies of arbitrary users.
CVE-2022-35717 IBM InfoSphere Information Server could be exploited locally by sending a special request.
CVE-2022-40747 IBM InfoSphere Information Server is vulnerable to an XML External Entity Injection attack. An attacker could exploit this to reveal sensitive information or consume memory resources.
CVE-2022-42749 An attacker in the 'page' of the 'ajax.php' resource can steal cookies of other users.
CVE-2020-22818 MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
CVE-2022-43102 Tenda AC23 V16.03.07.45_cn had a stack overflow vulnerability that could be exploited via the timeZone parameter in fromSetSysTime.
CVE-2022-44624 In JetBrains TeamCity before 2022.10, password parameters with special characters could be exposed in the build log.
CVE-2022-43105 Tenda AC23 V16.03.07.45_cn was found to have a stack overflow vulnerability in the fromSetWifiGusetBasic function.
CVE-2022-32287 An attacker can create files outside the target directory using a vulnerability in the FileUtil class of the PEAR management component of Apache UIMA.
CVE-2022-41435 An open source router's SSH keys vulnerability contains XSS.
CVE-2021-46853 Before 2.25, an attack on LIST or LSUB can cause a denial of service.
CVE-2022-24936 GBL parser out-of-bounds error allows attacker to overwrite flash Sign key and OTA decryption key.
CVE-2022-39353 Xmldom is a standard-based XML DOM parser and serializer module.
CVE-2022-41551 An SQL injection vulnerability was found in Garage Management System v1.0. The id parameter was vulnerable.
CVE-2022-43239 Discovered that the Lide265 v1.0.8 had a heap buffer overflow vulnerability.
CVE-2022-38380 An access control vulnerability in FortiOS 7.2 and earlier may allow a remote read-only user to modify the interface settings via the API.
CVE-2022-26122 FortiGate versions prior to 6.4.274 and FortiClient, FortiMail may have insufficient data authenticity verification, which may allow attackers to bypass the AV engine.
CVE-2022-3659 An attacker who convinces a user to perform specific UI interactions could exploit heap corruption to get remote access.
CVE-2022-27582 An SICK SIM4000 (PPC) password recovery vulnerability allows an unprivileged remote attacker to gain access to the user level defined as RecoverableUserLevel.
CVE-2022-26719 Memory corruption issue was fixed in tvOS 15.5, iOS 15.5, iPadOS 15.5, watchOS 8.6 and macOS Monterey 12.4.
CVE-2022-32881 Improved restrictions were made to address a logic issue in macOS Big Sur 11.7, iOS 16, watchOS 9, and macOS Monterey 12.6.
CVE-2022-3307 An attacker can exploit heap corruption in Google Chrome before version 106.0.5249.62 if a malicious page is used.
CVE-2022-3308 In DevTools, a remote attacker could escape the sandbox and perform malicious actions.
CVE-2022-3313 In Chrome prior to 106.0.5249.62, a remote attacker could spoof the UI with a crafted HTML page.
CVE-2022-42790 Apple fixed a logic issue in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7.
CVE-2022-3316 In earlier versions of Chrome, unsafe validation of untrusted input could be exploited to bypass security features.
CVE-2022-3808 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-42829 Memory management issues are fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13.
CVE-2022-42823 Improved memory handling was addressed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1 and iOS 16.1.
CVE-2022-42818 This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13
CVE-2022-42830 Memory handling was improved in iOS 16.1 and iPadOS 16, macOS Ventura 13.
CVE-2022-3304 An attacker could exploit heap corruption in CSS in Google Chrome before 106.0.5249.62 to get remote access.
CVE-2022-43328 The Canteen Management System v1.0 had a SQL injection vulnerability via the id parameter.
CVE-2022-43330 The Canteen Management System v1.0 had a SQL injection vulnerability via the id parameter.
CVE-2022-42318 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42311 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42312 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-25892 Packages 2.6.1, 3.0.0, and 3.1.1 of muhammara are vulnerable to DoS when supplied with a maliciously crafted PDF file.
CVE-2020-36605 Inappropriate default permissions allow attackers to run malicious code on the Hitachi AI Analytics Advisor, Ops Center Analyzer, and Ops Center Viewpoint components.
CVE-2022-2572 In affected versions of Octopus Server, it was possible that the API key/keys of a deleted user were still valid.
CVE-2022-43354 The System for Sanitization Management System v1.0 had a SQL injection vulnerability.
CVE-2022-43353 The system was found to have a SQL injection vulnerability. The id parameter was vulnerable.
CVE-2021-27784 The HCL Launch Container images contain non-unique HTTPS keys and certificates. The fix provides tools to replace them.
CVE-2022-39016 Injection in PDFtron allows attackers to takeover user account.
CVE-2022-40294 An application was found to have a CSV injection vulnerability, allowing malicious code to be embedded in exported data.
CVE-2022-39018 PDFtron data in M-Files Hubshare before 3.3.11.3 was accessed by unauthenticated attackers if they know the URL.
CVE-2022-40288 An application was vulnerable to Stored XSS, which could be used to escalate privileges and compromise accounts that view user profile.
CVE-2020-23255 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-40289 The application was vulnerable to Stored XSS and could be used to escalate privileges or compromise accounts.
CVE-2022-41688 SEI's Device Master versions 00.00.01a and earlier lack proper authentication for user group functions.
CVE-2022-41629 The 00.00.01a versions of the Device Master from DEI allow unauthenticated users to access the endpoint, which could allow an attacker to retrieve any file from the "RunningConfigs" directory.
CVE-2022-31692 An earlier version of Spring Security was vulnerable to authorization rule bypass. END>
CVE-2022-2190 The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter, which could lead to Reflected Cross-Site Scripting in old browsers.
CVE-2022-3366 The PublishPress Capabilities plugin before 2.5.2 unserializes imported files, which could lead to PHP object injection attacks by administrators.
CVE-2022-3770 An critical vulnerability was found in Yunjing CMS. The file /index/user/upload_img.html can be manipulated to upload files without restrictions. The attack can be initiated remotely.
CVE-2020-21016 The DIR-846 devices have a firmware exploit that allows attackers to gain root access.
CVE-2022-39025 U-Office Force PrintMessage function has insufficient filtering for special characters
CVE-2022-40617 The strongSwan revocation plugin can be compromised when an attacker sends a crafted end-entity certificate that contains a CRL/OCSP URL pointing to a controlled server.
CVE-2022-3755 DO NOT USE THIS CANDIDATE NUMBER. It was withdrawn by the CNA. Investigation showed it was not a security issue
CVE-2022-2826 An issue has been discovered in GitLab starting from 10.0 before 12.9.8, 12.10 before 12.10.7, 13.0 before 13.0.1.
CVE-2022-41648 The HEROS 5.08.3 controller is vulnerable to improper authentication, which may allow an attacker to deny service to the production line or steal sensitive data.
CVE-2022-43165 An XSS vulnerability in the Global Variables feature of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-37426 File upload with OpenNebula's core on Linux can be disabled by injection of harmful file content.
CVE-2022-39367 The QTIWorks Engine allows users to upload content packages as ZIP files before version 1.0-beta15.
CVE-2021-38729 SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.
CVE-2022-3697 amazon.aws flaw: amazon.aws uses tower_callback parameter from amazon.aws.ec2_instance module when using amazon.aws collection.
CVE-2021-38736 SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.
CVE-2022-2882 An issue has been found in GitLab CE/EE prior to 15.3.4, 15.4.1, and 12.6.5.1.
CVE-2022-3731 A vulnerability has been found in seccome Ehoney and classified as critical. The manipulation of the argument Payload leads to sql injection.
CVE-2022-3730 A critical vulnerability was found in seccome Ehoney. The manipulated Payload argument leads to sql injection.
CVE-2021-36206 CEVAS prior to version 1.01.46 could allow users to bypass authentication and retrieve data with specially crafted SQL queries.
CVE-2022-41133 DIAEnergie is vulnerable to a SQL injection in GetDIAE_line_message_settingsListParameters.
CVE-2022-0074 LSWS allows privilege escalation by untrusted search path.
CVE-2022-31898 Ingestion of system commands in the ping_addr and trace_addr parameters of the Mango and Flint IoT devices.
CVE-2022-3725 An OPUS protocol crash in Wireshark 3.6.0 to 3.6.8 allows denial of service.
CVE-2022-40184 JavaScript code in the video jet multi 4000 web interface is not being filtered properly, allowing an attacker with admin credentials to store code and execute it for all admins.
CVE-2022-41996 ThemeFusion Avada premium theme versions = 7.8.1 has a CSRF vulnerability that can be used to install arbitrary plugins.
CVE-2021-45476 Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.
CVE-2021-45475 Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability.
CVE-2022-2508 Octopus Server can reveal resources in spaces the user doesn't have access to due to verbose error messaging.
CVE-2022-3705 An issue was found in vim's qf_update_buffer function, which is used for the quickfix autocmd handler. This vulnerability allows for use after free.
CVE-2022-39286 Jupyter Core is a package for core common functionality of Jupyter projects. Jupyter Core contains an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in CWD.
CVE-2022-3667 A critical vulnerability was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp. Manipulation leads to heap-based buffer overflow.
CVE-2022-39359 Metabase is data visualization software
CVE-2022-42999 D-Link DIR-816 A2 1.10 B05 had multiple command injection vulnerabilities via the admuser and admpass parameters.
CVE-2022-43000 The DIR-816 A2 1.10 B05 was found to have a stack overflow vulnerability.
CVE-2022-40238 An RCE vulnerability exists in CERT software prior to version 1.50.5. An attacker can inject arbitrary pickle object as part of a user's profile.
CVE-2022-20954 Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could be vulnerable to path traversal, sensitive data viewing, and write arbitrary files attacks.
CVE-2022-20933 The vulnerability in Cisco AnyConnect VPN server could cause a DoS on an affected device.
CVE-2022-43749 In Synology Presto File Server before 2.1.2-1601, improper privilege management can be bypassed via unspecified vectors.
CVE-2022-33182 Brocade Fabric OS CLI privilege escalation vulnerability could let a local user escalate their privileges to root using 'supportlink' and 'firmwaredownload' commands.
CVE-2022-27912 An issue was discovered in Joomla! 4.0.0 through 4.2.3
CVE-2022-31468 An attacker can XSS the OX App Suite through 8.2 when a client uses the len or off parameter.
CVE-2022-38181 An Arm product family through 2022. GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory.
CVE-2022-33204 Abode Systems Inc. iota All-In-One Security Kit 6.9X and 6.9Z has 2 command injection vulnerabilities. An attacker can execute commands on the system
CVE-2022-39349 The Tasks.org app uses the ShareLinkActivity to handle to-do lists and reminders.
CVE-2022-39351 Dependency-Track is a Component Analysis platform that identifies and reduces risk in the software supply chain.
CVE-2022-35268 Web_server hashFirst vulnerability can lead to denial of service.
CVE-2022-35261 Web_server hashFirst vulnerability can lead to denial of service.
CVE-2022-3300 The Form Maker plugin before 1.15.6 has a SQL injection vulnerability that can be exploited by admin users.
CVE-2022-39342 OpenFGA is an authorization/permission engine. Versions prior to v0.2.4 are vulnerable to authorization bypass under certain conditions
CVE-2022-39836 COVESA dlt-daemon through 2.18.8 has a file parser bug that can be exploited to crash the process.
CVE-2022-34845 An update vulnerability exists in Robustel R1510's sysupgrade functionality. A specially crafted packet can lead to arbitrary firmware update.
CVE-2022-3344 A flaw was found in the KVM's AMD nested virtualization (SVM)
CVE-2022-41704 Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16
CVE-2022-34870 Apache Geode 1.15.0 to 1.15.44 are vulnerable to XSS when using Pulse to view Region entries.
CVE-2022-39322 @keystone-6/core is a core package for Keystone 6, a content management system for Node.js
CVE-2022-35876 There are 3 format string vulnerabilities in the XCMD testWifiAP functionality of the Abode Systems, Inc. iota All-In-One Security Kit.
CVE-2022-3391 The Retain Live Chat plugin doesn't sanitise its settings, which could allow high privilege users to perform stored XSS attacks.
CVE-2021-45925 An attacker can guess legitimate user names registered in the BMC.
CVE-2022-41986 An information disclosure vulnerability in Android App IIJ SmartKey versions prior to 2.1.4 could allow an attacker to obtain a one-time password.
CVE-2021-44776 The SubNet_handler_func function has a broken access control vulnerability that allows an attacker to change the security access rights to KVM and Virtual Media functionalities.
CVE-2021-44769 An input validation vulnerability in TLS certificate generation can cause a DoS condition. This is mitigated by a factory reset.
CVE-2022-41796 An attacker can gain privileges by a Trojan horse DLL in an untrusted directory in Content Transfer Ver.1.3 and prior.
CVE-2022-41797 Inappropriate authorization in handler for custom URL scheme vu t can lead to access to arbitrary website.
CVE-2021-26727 Injection flaws in SubNet_handler_func allow attacker to execute code with root privileges.
CVE-2021-26728 Injection and buffer overflow vulnerabilities in spx_restservice's KillDupUsr_func can allow an attacker to execute code as the server user.
CVE-2022-39313 Parse Server is an open source backend that runs on Node.js.
CVE-2021-26729 Injection and buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allows attacker to execute arbitrary code with server user privileges.
CVE-2021-44467 An access control vulnerability in spx_restservice's KillDupUsr_func function allows an attacker to terminate active sessions of other users. This causes a DoS condition.
CVE-2022-40984 An attacker can crash WTViewerE 761941 and WTViewerEfree by processing a long file name.
CVE-2021-26733 The FirstReset_handler_func function in spx_restservice has a broken access control vulnerability that allows an attacker to send reboot commands and cause a DoS.
CVE-2022-3676 In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check
CVE-2022-39314 Kirby is a flat-file CMS that is vulnerable to user enumeration due to improper authentication attempts.
CVE-2021-42010 Heron versions  0.20.4 incubated with CRLF injection vulnerability.
CVE-2022-40690 An attacker can inject arbitrary scripts in BookStack versions prior to v22.09.
CVE-2022-43680 libexpat through 2.4.9 has a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2022-43677 In free5GC 3.2.1, an index-out-of-range panic in aper.GetBitString can crash the AMF and NGAP decoders.
CVE-2022-39259 ddx is a set of command-line and GUI tools for producing Java source code from Android Dex and Apk files. 1.4.5 is vulnerable to DOS when opening zip files with HTML sequences.
CVE-2022-23462 IOWOW is a C library for key/value storage with a stack buffer overflow vulnerability that allows for Denial of Service when parsing scientific notation numbers in JSON.
CVE-2022-3649 The function nilfs_new_inode in the BPF component was found to have a vulnerability. This can lead to use after free.
CVE-2022-34439 Dell PowerScale OneFS versions 8.2.0.x-9.4.0.x have resource allocation vulnerability.
CVE-2022-34437 Dell PowerScale OneFS versions 8.2.2-9.3 have an OS command injection vulnerability that a malicious local user can exploit to compromise the system.
CVE-2022-26870 An attacker can exploit a Dell PowerStore version 2.1.0.x Authentication bypass vulnerability if the attacker is remote.
CVE-2022-34438 Dell PowerScale OneFS versions 8.2.x-9.4.0 contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to system compromise.
CVE-2022-31239 Dell PowerScale OneFS versions 9.0.0 to 9.1.0.19, 9.2.1.12, and 9.3.0.6 have a sensitive data in log files vulnerability.
CVE-2020-5355 Dell Isilon versions 8.2.2 and earlier SSHD process improperly allows TCP and stream forwarding.
CVE-2022-3646 A vulnerability was found in the Linux kernel, which affects the function nilfs_attach_log_writer of BPF component. The manipulation leads to memory leak.
CVE-2022-3570 In libtiff library 4.4.0, heap buffer overflows could lead to application crash, potential information disclosure.
CVE-2022-3598 Script in LibTIFF 4.4.0 has an out-of-bounds write, allowing attackers to cause a denial-of-service.
CVE-2022-41309 Malicious .dwf or .pct file could lead to memory corruption vulnerability by write access violation.
CVE-2022-41310 Malicious .dwf or .pct file could lead to memory corruption vulnerability by write access violation.
CVE-2022-42943 Malicious .dwf or .pct file could lead to memory corruption vulnerability by read access violation.
CVE-2022-3626 LibTIFF 4.4.0 has a buffer overflow in _TIFFmemset that can be exploited by attackers to cause a denial-of-service.
CVE-2022-41638 Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress.
CVE-2022-42944 Malicious .dwf or .pct file could lead to memory corruption vulnerability by read access violation.
CVE-2022-42939 TGA files when consumed through DesignReview.exe could lead to memory corruption vulnerability.
CVE-2022-3599 LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection, which can be used to cause a denial-of-service.
CVE-2022-3627 libTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service.
CVE-2022-1059 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-42938 TGA files when consumed through DesignReview.exe could lead to memory corruption vulnerability.
CVE-2022-42942 Malicious .dwf or .pct file could lead to memory corruption vulnerability by read access violation.
CVE-2022-27494 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-3597 LibTIFF 4.4.0 has a buffer overflow in _TIFFmemcpy that can be used to cause a denial of service. Attackers can exploit this vulnerability to cause a DoS.
CVE-2022-42937 Malicious .dwf or .pct file could lead to memory corruption vulnerability by write access violation.
CVE-2022-42940 TGA files when consumed through DesignReview.exe could lead to memory corruption vulnerability.
CVE-2022-1066 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-1070 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-42934 Malicious .dwf or .pct file could lead to memory corruption vulnerability by write access violation.
CVE-2022-42935 Malicious .dwf or .pct file could lead to memory corruption vulnerability by write access violation.
CVE-2022-40311 Auth
CVE-2022-38104 Auth
CVE-2022-42933 Malicious .dwf or .pct file could lead to memory corruption vulnerability by write access violation.
CVE-2022-3642 A vulnerability in the Linux Kernel affects the function rtl8188f_spur_calibration of the Wireless component.
CVE-2022-3639 A DOS vulnerability was discovered in GitLab CE/EE affecting versions 10.8-15.3.
CVE-2022-42941 Malicious .dwf or .pct file could lead to memory corruption vulnerability by read access violation.
CVE-2022-42936 Malicious .dwf or .pct file could lead to memory corruption vulnerability by write access violation.
CVE-2022-26423 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-3640 A critical vulnerability was found in the Linux Kernel. The affected function is l2cap_conn_del of the component Bluetooth. The vulnerability leads to use after free.
CVE-2022-43400 V2022 R2 has a vulnerability. V22.2a>
CVE-2022-42206 Hospital Management System in PHP 4.0 is vulnerable to XSS via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.
CVE-2022-42205 Hospital Management System in PHP 4.0 is vulnerable to XSS via add-patient.php
CVE-2022-42189 Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability.
CVE-2022-36122 The Automox Agent before 40 on Windows incorrectly sets permissions on key files.
CVE-2022-3637 A vulnerability has been found in Linux Kernel and classified as problematic. It affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service.
CVE-2022-3635 A critical vulnerability has been found in the Linux Kernel affected by the tst_timer function of the IPsec component. It leads to use after free.
CVE-2022-3636 An issue was found in Linux Kernel, which affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free.
CVE-2022-3633 A problem with the function j1939_session_destroy of the IPsec component net/can/j1939/transport.c leads to a memory leak.
CVE-2022-3638 Nginx was found to have a vulnerability that may lead to a memory leak. The vulnerability may be exploited remotely.
CVE-2021-42553 An attacker can exploit a buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics to execute arbitrary code.
CVE-2022-3629 A vulnerability was found in the IPsec component of Linux Kernel. It's been declared as problematic due to memory leak.
CVE-2022-37454 Keccak XKCP SHA3 has an integer overflow and buffer overflow that allows attackers to execute arbitrary code or eliminate cryptographic properties.
CVE-2022-3625 A vulnerability was found in Linux Kernel. It is classified as critical. The manipulation leads to use after free.
CVE-2022-3624 An issue with the IPsec function rlb_arp_xmit was found and is considered problematic. The vulnerability causes a memory leak.
CVE-2022-3630 A vulnerability was found in IPsec that leads to memory leak.
CVE-2022-36958 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-36957 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-38108 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-39823 An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10
CVE-2022-37453 An issue was discovered in Softing OPC UA C++ SDK before 6.10
CVE-2022-36966 Node Management users had access to all nodes due to an Insufficient control on URL parameter causing IDOR vulnerability in SolarWinds Platform.
CVE-2022-3620 Vulnerability in Exim was found, it's a dmarc_dns_lookup issue. Remote attack is possible.
CVE-2022-3621 A vulnerability was found in the Linux kernel. It is considered problematic due to the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode. The manipulation leads to a null pointer dereference.
CVE-2022-3619 A vulnerability has been found in Linux Kernel and classified as problematic. The manipulation leads to memory leak.
CVE-2022-3623 A vulnerability was found in the Linux Kernel. It is problematic due to a race condition.
CVE-2022-3577 An out-of-bounds memory write flaw was found in the Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2020-9285 The Sonos One 2nd generation devices can be compromised by attackers controlling the memory via the Mini-PCI Express slot.
CVE-2022-2069 The APDFL.dll in Siemens JT2Go V13.3.0.5 and Siemens Teamcenter Visualization V14.0.0.2 contains a heap-based write that wrote past the buffer.
CVE-2022-42233 Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.
CVE-2022-42344 Adobe Commerce versions 2.4.3-p2, 2.3.7-p3, and 2.4.4 are affected by a validation vulnerability.
CVE-2022-42176 Hard-coded admin panel access in PCTechSoft PCSecure V5.0.8.xw using use of Hard-coded Credentials.
CVE-2022-42021 Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=
CVE-2022-40084 OpenCRX v5.2.2 was vulnerable to password enumeration due to difference in messages received during a password reset. This could enable an attacker to determine if a username, email or ID is valid.
CVE-2022-42201 Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.
CVE-2022-42199 v1.0 of Exam Reviewer Management System is vulnerable to CSRF attack.
CVE-2022-42198 The User List function suffers from insecure file upload in Simple Exam Reviewer Management System v1.0.
CVE-2022-42197 The User List function has improper access control that allows low privileged users to modify user permissions.
CVE-2022-42200 The Exam Reviewer Management System v1.0 is vulnerable to Stored XSS.
CVE-2022-31366 An arbitrary file upload vulnerability in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code.
CVE-2022-26954 Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow attackers to conduct phishing attacks. The ChangePassword function is affected.
CVE-2020-12744 The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged user to elevate privileges.
CVE-2022-37598 Prototype pollution vulnerability in ast.js with the name variable in UglifyJS 3.13.2.
CVE-2022-37298 Shinken Monitoring 2.4.3 is vulnerable to Incorrect Access Control.
CVE-2021-33231 EasyVista Service Manager 2018.1.181.1 has an XSS vulnerability that allows attackers to run arbitrary code.
CVE-2022-27625 An issue with memory buffer operations, OOB Management, is found.
CVE-2022-27624 A memory buffer vulnerability affects OOB Management packet decryption.
CVE-2022-27626 Vulnerability found in session processing of OOB management.
CVE-2022-41358 An XSS vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-3327 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6
CVE-2022-41836 An 'Attack Signature False Positive Mode' on a virtual server can cause the bd process to terminate.
CVE-2022-41833 An iRule containing the HTTP::collect command can cause TMM to terminate.
CVE-2022-41835 F5OS older versions have a security bug where some commands are allowed if the attacker is authenticated.
CVE-2022-41813 Traffic Management Microkernel (TMM) can terminate when a certain input is provided to PEM or AFM module in certain versions of BIG-IP.
CVE-2022-38107 Sensitive information could be displayed when a detailed technical error message is posted
CVE-2022-41624 Unclosed traffic can cause an increase in memory resou END> The BIG-IP versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x have undisclosed traffic that can cause an increase in memory resou.
CVE-2022-41691 When a BIG-IP Advanced WAF/ASM security policy is configured, undisclosed requests can cause the bd process to terminate.
CVE-2022-41694 An SSL key was imported on a BIG-IP or BIG-IQ system, but undisclosed input was used. This could lead to a security vulnerability.
CVE-2022-41806 An undisclosed request can cause an increase in memory resource utilization when BIG-IP AFM Network Address Translation with IPv6/IPv4 translation rules is configured on a virtual server.
CVE-2022-31684 Reactor Netty HTTP Server may log request headers in some cases of invalid HTTP requests. This may reveal valid access tokens to those with access to server logs.
CVE-2022-41832 An undisclosed message can cause an increase in memory consumption in BIG-IP versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x when a SIP profile is configured on a virtual server.
CVE-2022-41983 Hardware platforms on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and 13.1.x can have undisclosed conditions when Intel QAT and AES-GCM/CCM are used.
CVE-2022-36795 LTM TCP profile with Auto Receive Window enabled on a virtual server can be vulnerable to undisclosed traffic. This can lead to a vulnerability.
CVE-2022-41617 An authenticated remote code execution vulnerability exists in the BIG-IP iControl REST API in versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1.
CVE-2022-41743 Before R27 P1 and R26 P1, the ngx_http_hls_module has a vulnerability that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact.
CVE-2022-41741 The NGINX Open Source versions before 1.23.2, 1.22.1, R2 P1, and R1 P1 have a vulnerability in the ngx_http_mp4_module module that might allow a local attacker to execute arbitrary code.
CVE-2022-41742 The NGINX Open Source versions before 1.23.2, 1.22.1, R2 P1, and R1 P1 have a vulnerability in the ngx_http_mp4_module module that might allow a local attacker to execute arbitrary code.
CVE-2022-41780 An directory traversal vulnerability in F5OS-A and F5OS-C before 1.4.0 allows attackers to read arbitrary files.
CVE-2022-41787 DNS Express is enabled on a virtual server with DNS profile and undisclosed DNS queries can be sent to the internal DNS. This might lead to information disclosure. END>
CVE-2022-41770 An authenticated iControl REST user can increase memory consumption.
CVE-2022-43024 Tenda TX3 US_TX3V1.0 was discovered to have a stack overflow vulnerability with the list parameter.
CVE-2022-43026 Tenda TX3 US_TX3V1.0 br_V16.03.13.11_multi_TDE01 contains a stack overflow via the endIp parameter.
CVE-2022-43025 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to have a stack overflow via the startIp parameter.
CVE-2022-43027 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to have a stack overflow via the firewallEn parameter.
CVE-2022-43028 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 has a stack overflow via the timeZone parameter.
CVE-2022-43029 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 stack overflow was discovered via the time parameter.
CVE-2022-43017 OpenCATS v0.9.6 had a reflected XSS vulnerability in the indexFile component.
CVE-2022-43021 OpenCATS v0.9.6 had a SQL injection vulnerability via the entriesPerPage variable.
CVE-2022-43023 OpenCATS v0.9.6 had a SQL injection vulnerability in the Import viewerrors function.
CVE-2022-3586 A use after free was found in the networking code. This could lead to a remote code exploit.
CVE-2022-23241 Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock enabled are vulnerable to an authenticated remote attack which could allow arbitrary modification or deletion of WORM data.
CVE-2022-2805 An otapi-style flaw in ovirt-engine can log passwords in the log file.
CVE-2022-1970 DO NOT USE this candidate's ConsultID. The CNA pool was not assigned any issues in 2022.
CVE-2022-43019 OpenCATS v0.9.6 had an RCE vulnerability that was found in the ajax functionality of the getDataGridPager.
CVE-2022-43022 OpenCATS v0.9.6 had a SQL injection vulnerability in the Tag deletion function.
CVE-2013-4281 In Red Hat Openshift 1, the /etc/openshift/server_priv.pem file has weak default permissions, which could allow users with local access to read it.
CVE-2022-43020 OpenCATS v0.9.6 had a SQL injection vulnerability in the Tag update function because of the tag_id variable. end>
CVE-2022-43018 OpenCATS v0.9.6 had a XSS vulnerability in the email parameter of the Check Email function.
CVE-2022-43016 OpenCATS v0.9.6 had a XSS vulnerability in the callback component.
CVE-2022-43014 OpenCATS v0.9.6 had a XSS vulnerability when the joborderID parameter was used.
CVE-2022-1738 An earlier version of Fuji Electric D300win is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory.
CVE-2022-1523 An earlier version of Fuji Electric D300win is vulnerable to a write-what-where condition, which could allow an attacker to manipulate the flow of information.
CVE-2022-1414 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields
CVE-2013-4253 The deployment script in the unsupported "OpenShift Extras" add-on scripts installs a default public key in the root user's authorized_keys file.
CVE-2022-41707 An attacker can access data of any user of the Messenger application.
CVE-2022-41709 An attacker can execute arbitrary code on any client who views a malicious Markdown file.
CVE-2022-43414 Jenkins NUnit Plugin 0.27 and earlier has an agent-to-controller message that parses files as test results, allowing attackers to control agent processes to obtain test results from files in the attacker's specification.
CVE-2022-43406 An untrusted attacker can create and run untrusted Pipelines in Jenkins Pipeline vf3b_454e43966, which is deprecated.
CVE-2022-43409 An earlier Jenkins supporting API plugin has a XSS vulnerability that can be exploited by attackers.
CVE-2022-43405 Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier has a sandbox bypass vulnerability that allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts.
CVE-2022-43402 There is a sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier that allows attackers with permission to define and run sandboxed scripts.
CVE-2022-43434 Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier disables Content-Security-Policy protection for user-generated content.
CVE-2022-43407 Jenkins Input Step Plugin 451.vf1a_a_4f405289 doesn't restrict or sanitize the ID of the input step, which is used for URLs that process user interactions.
CVE-2022-43428 Compuware Topaz for Total Test Plugin 2.4.8 and earlier allows attackers to execute agent/controller commands and get Java system properties. This could lead to system information disclosure.
CVE-2022-43403 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts to bypass the restriction.
CVE-2022-43429 Compuware Topaz for Total Test Plugin 2.4.8 and earlier allows attackers to read arbitrary files on the Jenkins controller file.
CVE-2022-43410 Mercurial plugin 1251.va_b_121f184902 and earlier has webhook endpoint that exposes which jobs were triggered or scheduled for polling, which users have no permission to access.
CVE-2022-43408 Jenkins Pipeline stage view plugin 2.26 and earlier doesn't encode input step ID when generating URLs, allowing attackers to specify them and proceed/abort builds.
CVE-2022-43421 An error in Tuleap's Git Branch Source Plugin 3.2.4 and earlier lets attackers trigger projects with a specified repository if they don't have permission.
CVE-2022-43432 Jenkins XFramium Builder Plugin 1.0.22 and earlier disables Content-Security-Policy protection for user-generated content.
CVE-2022-43426 Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, which makes it easier for attackers to observe and capture it.
CVE-2022-43422 Compuware Topaz Utilities Plugin 1.0.8 and earlier has an agent/controller message that doesn't limit where it can be executed, which allows attackers to obtain values of Java system properties.
CVE-2022-43427 Compuware Topaz for Total Test Plugin 2.4.8 doesn't perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43431 An earlier Compuware Strobe Measurement Plugin didn't perform permission checks, which allowed attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43425 Jenkins' Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of parameters on views, resulting in a stored XSS vulnerabi END>
CVE-2022-43433 Jenkins Screen recorder plugin disables Content Security Policy protection for user-generated content.
CVE-2022-43401 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts to compromise Jenkins.
CVE-2022-43418
CVE-2022-43419 Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission.
CVE-2022-43430 Jenkins Compuware Topaz 2.4.8 and earlier does not configure its XML parser to prevent XXE attacks.
CVE-2022-43415 The REPO Plugin 1.15.0 and earlier does not properly protect against XXE attacks.
CVE-2022-43411 The Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
CVE-2022-43416 An earlier version of the Jenkins Katalon Plugin allowed attackers to control agent processes and invoke Katalon.
CVE-2022-43412 Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function, which is vulnerable to attackers using statistical methods to obtain a valid webhook token.
CVE-2022-43413 The Jenkins Job Import Plugin 3.5 and earlier doesn't perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43417 Katalon Plugin 1.0.32 and earlier doesn't perform permission checks in several HTTP endpoints, which allows attackers with Overall/Read permission to connect to attacker-specified URL using attacker-specified cred END>
CVE-2022-43423 Jenkins Compuware Source Code 2.0.12 and earlier has an agent/controller message that doesn't limit where it can be executed, allowing attackers to control agent processes and obtain the values of JAVA APIs.
CVE-2022-43420 The Jenkins Contrast plugin 3.9 and earlier doesn't escape data returned from the service, which leads to a stored XSS vulnerability. Attackers who can access the application's backend are able to exploit the vulnerability.
CVE-2022-43435 Jenkins 360 FireLine Plugin 1.7.2 and earlier disables Content-Security-Policy protection for user-generated content.
CVE-2022-43424 Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers to control agent processes to obtain values of system properties.
CVE-2022-43404 The Jenkins Script Security Plugin has a sandbox bypass vulnerability that allows attackers with permission to define and run sandboxes to attack.
CVE-2022-43184 D-Link DIR878 1.30B08 Hotfix_04 had a command injection vulnerability.
CVE-2022-43032 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-43044 gf_isom_get_meta_item_info has a segmentation violation.
CVE-2022-43045 Scene Manager dump function had a segmentation violation.
CVE-2022-43037 An issue was discovered in Bento4 1.6.0-639
CVE-2022-43040 The gf_isom_box_dump_start_ex function had a heap buffer overflow.
CVE-2022-43038 Bento4 v1.6.0-639 had a heap overflow in the mp42ts AP4_BitReader::ReadCache() function.
CVE-2022-43185 An XSS flaw in the Configuration/Holidays module of the Rukovoditel v3.2.1 allows attackers to inject arbitrary web script or HTML.
CVE-2022-43033 An issue was discovered in Bento4 1.6.0-639
CVE-2022-43034 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-43042 GFD054169B master contains a heap buffer overflow in the function FixSDTPInTRAF at isomedia/isom_intern.c.
CVE-2022-43039 The gf_isom_meta_restore_items_ref function in the PAGAC 2.1-DEV-rev368-gfd054169b-master file has a segmentation violation.
CVE-2022-43043 The BD_CheckSFTimeOffset function had a segmentation violation.
CVE-2022-43035 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-23734 An untrusted data deserialization vulnerability was found in GitHub Enterprise Server that could lead to remote code execution.
CVE-2022-39301 sra-admin has a storage XSS vulnerability.
CVE-2022-39267 Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB, Redis, MongoDB and other services for production environments.
CVE-2022-3607 Injection of special elements into another plane (octoprint/octoprint prior to 1.8.3)
CVE-2022-41415 RevserveMem had a stack overflow vulnerability.
CVE-2022-25748 Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames
CVE-2022-25750
CVE-2022-39233 Tuleap is a free and open source suite for managing software development and collaboration.
CVE-2022-22078 BOOT denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, and Snapdragon Consumer IOT due to integer overflow when blocks are calculated.
CVE-2022-25662 An attacker can get information from an untrusted pointer dereference in the kernel of some Snapdragon products.
CVE-2022-25663 An overflow in the device's management frame handling could lead to a denial of service in Snapdragon Compute, Connectivity, and Consumer Electronics Connectivity.
CVE-2022-25718 In Snapdragon Auto, Connectivity, and IoT, there is a cryptographic issue.
CVE-2020-23648 Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability
CVE-2022-25665 The kernel buffer over-read vulnerability could lead to information disclosure. This vulnerability is specific to Snapdragon products.
CVE-2022-33210 Memory corruption in automotive multimedia due to use of out-of-range pointer offset when parsing command request packet with a very large type value.
CVE-2022-25664 Information disclosure due to GPU reading data in Snapdragon Auto, Compute, Connectivity, IOT, Mobile, Wearables.
CVE-2022-25720 WLAN can be corrupted by out of bound array access during connect/roaming. Many of the Snapdragon processors are affected.
CVE-2022-25687 Buffer overflow can lead to video corruption in Snapdragon Auto, Snapdragon Compute, etc. The issue is found in asf parsing.
CVE-2022-33214 Display corruption due to time-of-check time-of-use metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables.
CVE-2022-25660 A kernel double free issue in some Snapdragon chipsets. This can lead to a crash or memory corruption.
CVE-2022-25661 Kernel memory corruption due to untrusted pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, and Snapdragon Industrial IOT devices.
CVE-2022-33217 CPU buffer copy bug in Qualcomm IPC with kernel compromise.
CVE-2022-25723 Multimedia memory corruption due to callback registration failure.
CVE-2022-25736 Denial of service in WLAN due to out-of-bound read happens in Snapdragon Auto, Snapdragon Compute, etc.
CVE-2022-39253 Git is an open source revision control system. Versions before 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are vulnerable to exposure of sensitive information.
CVE-2022-25749 Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames
CVE-2022-3606 A vulnerability was found in the Linux Kernel. It is categorized as a problematic issue. The BPF library's function find_prog_by_sec_insn can be used to crash the system.
CVE-2022-42466 An end user could set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value is saved.
CVE-2022-42467 The h2 webconsole module is available in prototype mode with the ability to query the database.
CVE-2016-20017 The D-Link DSL-2750B devices before 1.05 are vulnerable to remote command injection. In 2016-2018, this was exploited in the wild.
CVE-2016-20016 MVPower CCTV DVRs have a web shell that can be accessed via a /shell URI. An attacker can execute arbitrary operating system commands as root.
CVE-2022-38901 The Liferay Digital Experience Platform 7.3.10 SP3 Document and Media module - file upload functionality allows remote attackers to inject arbitrary JS script or HTML.
CVE-2022-35860 AES encryption in the Corsair K63 Wireless 3.1.3 can be sniffed by attackers if they are physically close.
CVE-2022-40798 OcoMon 4.0RC1 is vulnerable to Incorrect Access Control
CVE-2022-33077 An access control issue in nopcommerce v4.50.2 allows attackers to modify any customer's address.
CVE-2022-41500 EyouCMS V1.5.9 had multiple CSRF vulnerabilities in the Members Center, Editorial Membership, and Points Recharge components.
CVE-2022-42218 The Open Source SACCO Management System v1.0 is vulnerable to SQL injection.
CVE-2022-21622 The Oracle SOA Suite product is affected by a vulnerability in the Adapters component. The vulnerable versions are 12.2.1.3.0 and 12.2.1.4.0.
CVE-2022-21624 An issue in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE causes JNDI to be vulnerable.
CVE-2022-21626 An Oracle Java SE flaw allows attackers to remotely execute arbitrary code.
CVE-2022-21627 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.
CVE-2022-39422 Vulnerability in Oracle VirtualBox that affects Prior to 6.1.38 versions.
CVE-2022-39423 Vulnerability in Oracle VirtualBox that affects Prior to 6.1.38 versions.
CVE-2022-39424 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.
CVE-2022-39407 Oracle PeopleSoft's Enterprise PeopleTools product is affected by a vulnerability that causes supported versions to be affected.
CVE-2022-21589 MySQL Server has a vulnerability that affects versions 5.7.39 and 8.0.16.
CVE-2022-21628 Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition.
CVE-2022-21594 An issue was found in the MySQL Server product of Oracle MySQL. The affected versions are 8.0.30 and prior.
CVE-2022-21590 Oracle BI Publisher is vulnerable to a vulnerability in 5.9.0.0, 6.4.0.0, 12.2.1.3.0, and 12.2.1.4.0. This can allow for manipulation of data.
CVE-2022-21595 The MySQL Server product is vulnerable to Oracle MySQL 5.7.36 and 8.0.27.
CVE-2022-21596 The affected version is 19c. END>
CVE-2022-21597
CVE-2022-21602 An issue in the Oracle PeopleSoft Enterprise PeopleTools product 8.58, 8.59, and 8.60 is affected.
CVE-2022-21591 Oracle Transportation Management is vulnerable to attacks in 6.4.3 and 6.5.1 versions.
CVE-2022-21606 Oracle Services for Microsoft Transaction Server component of Oracle Database Server is vulnerable to CVE-2018-2719. The affected version is 19c.
CVE-2022-21598 Oracle Siebel CRM's DB Deployment and Configuration product is affected by a vulnerability. Affected versions are 22.8 and prior.
CVE-2022-21623 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager. affected versions are 13.4.0.0 and 13.5.0.0
CVE-2022-39401 Oracle Solaris kernel is affected by vulnerability CVE-2017-1000144. The affected version is 11.
CVE-2022-21621 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.
CVE-2022-39406 Oracle PeopleSoft Enterprise CComponent is affected by a vulnerability in version 9.2. The supported version that is affected is 9.2.
CVE-2022-21604 My MySQL Server is affected by a vulnerability in InnoDB. Versions affected are 8.0.30 and earlier.
CVE-2022-39419 The Oracle Database Vulnerability affects versions 19c and 21c.
CVE-2022-39420 Oracle Transportation Management product is vulnerable to DML in 6.4.3 and 6.5.1.
CVE-2022-39421 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.
CVE-2022-39417 An exploit for the Oracle Solaris Filesystem vulnerability is possible. The affected version is 11.
CVE-2022-39402 A vulnerability in the MySQL Shell product of Oracle MySQL is affecting versions 8.0.30 and prior.
CVE-2022-39403 A vulnerability in the MySQL Shell product of Oracle MySQL is affecting versions 8.0.30 and prior.
CVE-2022-39405 Oracle Access Manager has a vulnerability that affects versions 12.2.1.3.0 and earlier.
CVE-2022-39408 An issue was found in the MySQL Server product of Oracle MySQL. The affected versions are 8.0.30 and prior.
CVE-2022-21620 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.
CVE-2022-21617 MySQL Server has a vulnerability that affects versions 5.7.39 and 8.0.30 and later.
CVE-2022-21625 An issue was found in the MySQL Server product of Oracle MySQL. The affected versions are 8.0.30 and prior.
CVE-2022-21613 Oracle Enterprise Data Quality is vulnerable to a dashboard vulnerability. Affected versions are 12.2.1.3.0 and 12.2.1.4.0.
CVE-2022-21614 Oracle Enterprise Data Quality is vulnerable to a dashboard vulnerability. Affected versions are 12.2.1.3.0 and 12.2.1.4.0.
CVE-2022-21615 Oracle Enterprise Data Quality is vulnerable to a dashboard vulnerability. Affected versions are 12.2.1.3.0 and 12.2.1.4.0.
CVE-2022-21616 Vulnerability in Oracle WebLogic Server. Vulnerable versions are 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. Impacted versions are 12.2.1.2.0 and 12.2.1.1.0.
CVE-2022-21618 An unpatched vulnerability in Oracle Java SE could affect Oracle GraalVM Enterprise Edition 19, 21.3.3, and 22.2.0. This vulnerability could be exploited to gain access to sensitive information.
CVE-2022-21619 An Oracle Java SE flaw allows attackers to remotely execute arbitrary code.
CVE-2022-21609 Vulnerability in Oracle Business Intelligence Enterprise Edition 5.9.0.0 product. Affected version is 5.9.0.0.
CVE-2022-39425 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.
CVE-2022-21593 The Oracle HTTP Server is vulnerable to a vulnerability in 12.2.1.3.0 and 12.2.1.4.0 versions.
CVE-2022-21638 MySql server is vulnerable to a security issue in 8.0.29 and earlier.
CVE-2022-21587 Vulnerability in Oracle E-Business Suite Desktop Integrator product. Affected versions are 12.2.3-12.2.11.
CVE-2022-21600 The MySQL Server product of Oracle MySQL is vulnerable to a vulnerability that affects versions 8.0.27 and prior.
CVE-2022-39428 Vulnerability in Oracle E-Business Suite Desktop Integrator product. Affected versions are 12.2.3-12.2.11.
CVE-2022-39426 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.
CVE-2022-39427 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.
CVE-2022-21634 Oracle Java SE component, LLVM Interpreter, has a vulnerability that affects versions 20.3.7, 21.3.3, and 22.2.0.
CVE-2022-21630 Vulnerability in Oracle JD Edwards tools product 9.2.6.4 and earlier.
CVE-2022-21639 Oracle PeopleSoft's PeopleTools product is vulnerable to a PeopleTools component vulnerability. This component is affected by 8.59 and 8.60.
CVE-2022-42114 An XSS vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36 and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.
CVE-2022-21629 Vulnerability in Oracle JD Edwards tools product 9.2.6.4 and earlier.
CVE-2022-39399 An issue was discovered in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. The vulnerability could be exploited to execute arbitrary code.
CVE-2022-39411 Oracle Transportation Management is affected by a vulnerability in versions 6.4.3 and 6.5.1.
CVE-2022-42116 The Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script.
CVE-2022-42113 Liferay Portal 7.4.3.30 - 7.4.3.36 has an XSS vulnerability that allows attackers to inject arbitrary scripts or HTML.
CVE-2022-42112 An XSS vulnerability in Liferay Portal's Sort widget allows attackers to inject arbitrary JavaScript.
CVE-2022-42117 The Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6 and 7.4 before update 17 is vulnerable to XSS. This can be used to perform malicious activities.
CVE-2022-42115 Liferay Portal has an XSS vulnerability that allows attackers to inject arbitrary web script or HTML.
CVE-2022-21637 My MySQL Server is affected by a vulnerability in InnoDB. Versions affected are 8.0.30 and earlier.
CVE-2022-21636 The Oracle Applications Framework is affected by a vulnerability in versions 12.2.6-12.2.11. Versions earlier than 12.2.6 are not affected.
CVE-2022-39404 The MySQL Installer is vulnerable to CVE-2016-2107. This affects versions 1.6.3 and prior.
CVE-2022-21599 An exploit could be created by a vulnerability in the MySQL Server of Oracle MySQL that affects versions 8.0.30 and prior.
CVE-2022-39410 An issue was found in the MySQL Server product of Oracle MySQL. The affected versions are 8.0.30 and prior.
CVE-2022-21635 An InnoDB vulnerability is the MySQL Server product of Oracle MySQL that affects versions 8.0.29 and earlier.
CVE-2022-21632 MySQL Server has a vulnerability that affects versions 8.0.30 and earlier.
CVE-2022-39400 An issue was found in the MySQL Server product of Oracle MySQL. The affected versions are 8.0.30 and prior.
CVE-2022-21608 My MySQL Server is vulnerable to a security issue in 5.7.39 and 8.0.30.
CVE-2022-21607 My MySQL Server product is vulnerable to a vulnerability in Oracle MySQL 8.0.28 and earlier.
CVE-2022-21612 Oracle Enterprise Data Quality is vulnerable to a dashboard vulnerability. Affected versions are 12.2.1.3.0 and 12.2.1.4.0.
CVE-2022-39412 The 12.2.1.4.0 Oracle Access Manager product is affected by a vulnerability.
CVE-2022-21592 MySql is prone to a security vulnerability that was discovered in versions 5.7.39 and 8.0.29.
CVE-2022-21641 MySql server is vulnerable to a security issue in 8.0.29 and earlier.
CVE-2022-21611 My MySQL Server is affected by a vulnerability in InnoDB. Versions affected are 8.0.30 and earlier.
CVE-2022-39409 Oracle Transportation Management is affected by a vulnerability in versions 6.4.3 and 6.5.1.
CVE-2022-21640 An issue was found in the MySQL Server product of Oracle MySQL. The affected versions are 8.0.30 and prior.
CVE-2022-21603 Vulnerability in Oracle Database Sharding component. 19c and 21c are affected.
CVE-2022-21633 Vulnerability in the MySQL Server product of Oracle MySQL that affects 8.0.30 and prior versions.
CVE-2022-21605 My MySQL Server is vulnerable to a database attack in versions 8.0.28 and earlier.
CVE-2022-21601 An Oracle Communications Vulnerability is being reported with versions 12.0.0.4.0-12.0.0.7.0 being affected.
CVE-2022-3593 An issue was found in the Linux Kernel. It's classified as problematic. The function mptcp_limit_get_set of the file ip/ipmptcp.c of the IP routing component iproute2 causes a memory leak.
CVE-2022-3595 The sess_free_buffer function of the CIFS handler can be manipulated to cause a double free.
CVE-2022-3594 An issue was found in Linux Kernel, the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF was vulnerable to logging excessive data.
CVE-2022-39198 Vulnerability in deserialization of dubbo hessian-lite could lead to malicious code execution.
CVE-2022-42188 XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
CVE-2022-41537 The v1.0 of the Tours & Travels Management System had an arbitrary file upload vulnerability.
CVE-2022-43260 An AC18 V15.03.05.19(6318) was found to have a stack overflow in the fromSetSysTime function.
CVE-2022-41547 The MobSF v0.9.2 and below had a LFI vulnerability in the StaticAnalyzer/views.py script.
CVE-2022-41540 The TP-Link AX10v1 V1_211117 web app client uses hard-coded cryptographic keys to communicate with the router.
CVE-2022-41544
CVE-2022-43259 Tenda AC15 V15.03.05.18 had a stack overflow vulnerability in the timeZone parameter of the form_fast_setting_wifi_set function.
CVE-2022-41541 An attacker can replay an encrypted authentication message and valid authentication token with the AX10v1 V1_211117 device.
CVE-2022-33874 Insecure neutralization of special elements in SSH login components may allow unauthenticated remote attackers to gain remote admin access.
CVE-2022-33872 In some Telnet components of FortiTester, an improper neutralization of special elements may allow an unauthenticated remap of commands.
CVE-2020-15853 supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS
CVE-2022-41504 An upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code.
CVE-2022-41479 The DevExpress Resource Handler does not verify objects in the /DXR.axd?r= GET parameter.
CVE-2022-42202 TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).
CVE-2022-3587 SourceCodester Simple Cold Storage Management System 1.0 has a vulnerability that causes My Account to malfunction.
CVE-2022-36438 ASUS Switch sets weak file permissions, leading to local privilege escalation. This can be used to delete files arbitrarily.
CVE-2022-40889 Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
CVE-2022-3580 An issue has been found in SourceCodester Cashier Queuing System 1.0.1 that affects user creation processing. Manipulation leads to cross site scripting.
CVE-2022-3582 A vulnerability in SourceCodester Simple Cold Storage Management System 1.0 is harmful.
CVE-2022-3583 Vulnerability found in SourceCodester Canteen Management System 1.0. Business argument is manipulated to achieve sql injection.
CVE-2022-3584 A critical vulnerability was found in SourceCodester Canteen Management System 1.0. The id argument can be manipulated for sql injection.
CVE-2022-3579 An unknown vulnerability was found in SourceCodester Cashier Queuing System 1.0. The vulnerability affects the file /queuing/login.php of the component Login Page.
CVE-2022-3581 A vulnerability was found in SourceCodester Cashier Queuing System 1.0, a component of Cashiers Tab. The manipulation of the argument Name can lead to cross site scripting.
CVE-2022-3339 An XSS vulnerability in ePO 5.10 before Update 14 allows an attacker to access the administrator's session of an authenticated ePO admin.
CVE-2022-31037 OroCommerce is an open-source Business to Business Commerce application
CVE-2022-31122 Wire is an encrypted communication and collaboration platform. Versions before 2022-07-12 are subject to Token Recipient Confusion
CVE-2022-39058 RAVA certification validation system has a path traversal vulnerability
CVE-2022-39057 The Ravva certificate validation system has insufficient filtering for special parameter of the web page input field.
CVE-2022-39056 RAVA certificate validation system has insufficient validation for user input
CVE-2022-39055 RAVA certificate validation system has inadequate filtering for URL parameter
CVE-2022-22224
CVE-2022-22235 An improper check in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause Denial of Service.
CVE-2022-22232 A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series can cause a Denial of Service.
CVE-2022-22230 Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Junos OS Evolved can be DoSed with an adjacent unauthenticated attacker.
CVE-2022-22226 An Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to crash the PFE.
CVE-2022-22225 An attacker with an established BGP session can cause a Denial of Service in Routing Protocol Daemon of Juniper Networks Junos OS and Junos OS Evolved.
CVE-2022-22228 An attacker can cause an RPD memory leak, which leads to a DoS.
CVE-2022-22219 An attacker in direct control of a BGP client, or via a machine in the middle, can cause Juniper Networks Junos OS and Junos OS Evolved to mishandle EVPN routes.
CVE-2022-22208 Routing Protocol Daemon (rdp) Use After Free vulnerability allows an unauthenticated network attacker to Denial of Service.
CVE-2022-22201 The validation of Index, Position, or Offset in Junos Packet Forwarding Engine is vulnerable to Denial of Service.
CVE-2022-22192 The PTX series of Juniper Networks Junos OS is vulnerable to an attack that causes a Denial of Service.
CVE-2022-22218 An Incorrect Check for Unusual or Exceptional Conditions on SRX Series devices allows a network-based, unauthenticated attacker to crash the device.
CVE-2022-22227 The Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved has an Improper Check for Unusual or Exceptional Conditions vulnerability that allows a network-based attacker to cause a DoS.
CVE-2022-22211 FPC resources of Juniper Networks Junos OS Evolved on PTX Series can be compromised to cause a Denial of Service.
CVE-2022-22223 QFX10000 Series devices using Juniper Networks Junos OS as transit IP/MPLS PHP nodes with LAG interfaces can have input validation issues.
CVE-2022-22249 An attacker can cause a Denial of Service through the PFE of Juniper Networks Junos OS on MX Series.
CVE-2022-22234 An attacker with low privileges can cause a Denial of Service in the Junos Packet Forwarding Engine.
CVE-2022-22229 An XSS vulnerability in the Control Center Controller pages of Juniper Networks Paragon Active Assurance allows for persistent attacks.
CVE-2022-22248 An Incorrect Permission Assignment vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands.
CVE-2022-22236 An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway of Juniper Networks Junos OS on SRX and MX allows an unauthenticated, network-based attacker to cause a Denial of Service.
CVE-2022-22233 An unchecked return value to NULL pointer dereference vulnerability in Juniper Network's Routing Protocol Daemon (rpd) allows a locally authenticated attacker with low privileges to cause a DoS.
CVE-2022-22250 In Junos OS and Junos OS Evolved, an attacker can cause a DoS by controlling a resource through its lifetime.
CVE-2022-22237 An attacker can compromise Junos OS confidentiality or integrity by attacking the kernel.
CVE-2022-22242 J-Web has an XSS vulnerability that allows an attacker to run malicious scripts in the victim's session.
CVE-2022-22247 An Ingress TCP segment processing vulnerability in Juniper Networks Junos OS Evolved allows a network-based attacker to send a crafted TCP segment to the device, triggering a kernel panic and Denial of Service.
CVE-2022-22220 An exploit in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved can cause a Denial of Service.
CVE-2022-22251 In Juniper Networks Junos OS, software permission issues and passwords in Junos OS are vulnerable to local low-privilege attacks.
CVE-2022-22244 The J-Web component of Juniper Networks Junos OS has an XPath injection vulnerability that can be used to attack other components, resulting in a partial compromise.
CVE-2022-22246 An LFI vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged attacker to execute an untrusted PHP file.
CVE-2022-22243 An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an attacker to add an XPath command, which may lead to other vulnerabilities.
CVE-2022-22240 Allocates resources without limits or throttling, and releases memory after an effective lifetime. Local auth required.
CVE-2022-22239 An attacker with low privileges can escalate their privileges on the device and potentially remote systems of Juniper Networks Junos OS Evolved.
CVE-2022-22238 An attack on the routing protocol daemon (rpd) can cause a Denial of Service.
CVE-2022-22241 An IAV vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data.
CVE-2022-3569 ZCS has a local privilege escalation vulnerability in versions 9.0.0 and prior, where the 'zimbra' user can coerce postfix into running arbitrary commands as 'root'.
CVE-2022-3158 Rockwell Automation VantagePoint versions 8.0-8.30 are vulnerable to an input validation vulnerability.
CVE-2020-8974 The firmware upload in ZGR TPS200 NG 2.00 and 1.01 doesn't have restrictions.
CVE-2020-8975 TPS200 NG in 2.00 and 1.01 firmware versions allows remote attackers with access to the web application to access sensitive information about the system.
CVE-2020-8976 The ZGR TPS200 NG integrated server on 2.00 firmware and 1.01 hardware allows a remote attacker to perform actions as the victim user.
CVE-2020-8973 TPS200 NG in 2.00 and 1.01 firmware doesn't accept specially constructed requests.
CVE-2022-42142 Ip/tour/admin/operations/update_settings.php is vulnerable to arbitrary code execution.
CVE-2022-41431 The component /admin/question/edit in xzs v3.8.0 had an XSS flaw.
CVE-2022-38743 Rockwell Automation VantagePoint versions 8.0 to 8.31 are vulnerable to an improper access control vulnerability.
CVE-2022-3368 The Software Updater had a vulnerability that allowed an attacker with write access to the filesystem to escalate their privileges.
CVE-2022-42143 Open Source SACCO Management System v1.0 is vulnerable to SQL Injection Attack.
CVE-2022-40606 In 4.1.0, XSS in the Operations tab and Debrief plugin is possible via a crafted operation name. This is different than CVE-2022-40605.
CVE-2022-42147 kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.
CVE-2022-3552 Upload of file with dangerous type in GitHub repository was allowed before v0.0.1.
CVE-2022-3382 The Robot System Software version 3.3.21.9869 has an error that handles terminated commands.
CVE-2022-42149 The main application file, KF 4.0, is vulnerable to SSRF due to a controller call.
CVE-2022-3517 A vulnerability was found in the minimatch package
CVE-2022-3421 An attacker can pre-create the /Applications/Google Drive.app/Contents/MacOS directory which is owned by root.
CVE-2022-40605 In 4.1.0, XSS in the Operations tab and/or Debrief plugin is possible due to a different vulnerability than CVE-2022-40606.
CVE-2022-32176 V2.5.1-v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code through the "Compress Upload" functionality.
CVE-2022-3564 A critical vulnerability was found in Linux Kernel's function l2cap_reassemble_sdu of the component Bluetooth. The manipulation leads to use after free.
CVE-2022-3565 A critical vulnerability was found in the Linux Kernel function del_timer of the Bluetooth component. Using this issue leads to use after free.
CVE-2022-3566 A vulnerability was found in Linux Kernel TCP Handler which leads to a race condition.
CVE-2022-26375 Auth
CVE-2022-40055 Brute force attack can escalate privileges in GX Group GPON ONT 2122A T2122-V1.26EXL.
CVE-2022-42029 Chamilo 1.11.16 is vulnerable to authenticated local file inclusion. This can be exploited to copy/move files from anywhere in the file system into the web directory.
CVE-2022-3559 An issue with Exim was found and is critical. It involves memory corruption and use after free. The patch name is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2.
CVE-2022-41751 Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing commands in a JPEG filename and using the regeneration option.
CVE-2022-2428 An attacker can make HTTP requests as a tag in the Jupyter Notebook viewer in GitLab EE/CE before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 is affected.
CVE-2022-3030 An access control issue in GitLab CE/EE before 15.1.6, 15.2.4, 15.3.2 allows disclosure of pipeline status to unauthorized users.
CVE-2022-3283 A DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, 15.3, 15.4, and older.
CVE-2022-42221 The R6400 v1.1.0.114_1.0.1 router has an Incorrect Access Control vulnerability, which is a command injection vulnerability.
CVE-2022-3066 An issue was discovered in GitLab starting from 10.0 before 15.2.5, 15.3 before 15.3.4, 15.4 before 15.4.1.
CVE-2022-3060 An authenticated attacker can create content in Error Tracking in GitLab CE/EE that could cause a victim to make unintended requests.
CVE-2022-3031 An issue was found in GitLab CE/EE before 15.1.6, 15.2 before 15.2.4, 15.3 before 15.3.2.
CVE-2022-2884 Vulnerability in GitLab CE/EE from 11.3.4 to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows authenticated user to execute code via the Import from GitHub API endpoint.
CVE-2020-35539 Wordpress 5.1 has a security flaw that leaks client IP address in X-Forwarded-For header.
CVE-2019-14841 An attacker can change their role in the RHDM.
CVE-2019-14840 An issue was found in RHDM where password fields may leak credentials.
CVE-2017-7517 An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift.
CVE-2022-2455 The business logic of handling large repositories in GitLab before 15.1.6, 15.2.4, and 15.3.2 allowed an authenticated and authorized user to access sensitive data.
CVE-2022-3330 An inaccessible note in Gitlab CE/EE can affect all versions 15.0-15.2.5, 15.3-15.3.4, and 15.4-15.4.1.
CVE-2022-3293 Email addresses were leaked in WebHook logs in GitLab EE prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
CVE-2022-3279 An unhandled exception in job log parsing in GitLab CE/EE before 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs.
CVE-2022-0699 A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases
CVE-2022-2865 An issue with cross-site scripting has been found in GitLab CE/EE prior to 15.3.2, 15.2 to 15.2.4, and 15.1.6.
CVE-2022-3067 An issue was found in the Import functionality of GitLab CE/EE versions before 15.2.5, 15.3.4, 15.4.1.
CVE-2022-2592 Snippet descriptions in GitLab CE/EE prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 have a lack of length validation which can be abused by attackers to create maliciously large Snippets.
CVE-2022-3288 The branch/tag name confusion in GitLab CE/EE older than 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows attackers to manipulate pages where the default branch would be expected.
CVE-2022-3291 Data in GitLab EE older than 15.2.5, 15.3.4, and 15.4.1 can be leaked via the cache.
CVE-2022-2630 An access control issue in GitLab CE/EE older than 15.2.4 and 15.3.2 that allows disclosure of confidential information via the Incident timeline events.
CVE-2022-2533 An issue was discovered in GitLab before 12.10, 15.2, 15.3, and 15.4.
CVE-2022-3351 Issue in 13.7, 15.3.4, 15.4.1, and earlier versions.
CVE-2022-23769 An attacker can get remote code execution by tricking the user into providing insufficient privilege verification.
CVE-2022-3331 An issue was found in GitLab EE versions before 15.2.4, 15.3.2, and 14.5 before 15.1.6.
CVE-2022-3540 An issue has been discovered in hunter2 affecting all versions before 2.1.0
CVE-2022-2908 An attack in Gitlab CE/EE versions starting from 10.7 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1 could result in high CPU usage.
CVE-2022-2931 A DOS vulnerability was discovered in GitLab before 15.1.6, 15.2.4, 15.3.2.
CVE-2022-41542 devhub 0.102.0 was discovered to contain a broken session control.
CVE-2022-42171 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.
CVE-2022-41498 The id parameter of the Billing System Project v1.0 SQL injection vulnerability was found.
CVE-2022-41472 An XSS vulnerability was found in CMS v3.12.0 via the apiadmin/notice/add component.
CVE-2022-42237 An SQL injection issue in Merchandise Online Store v.1.0 allows attackers to log in to the admin account.
CVE-2022-42168 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.
CVE-2022-42169 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.
CVE-2022-42167 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.
CVE-2022-42170 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.
CVE-2022-42166 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.
CVE-2022-3550 An issue in X.org Server was found, which involves the function _GetCountedString of xkb.c. The manipulation leads to a buffer overflow, which is recommended to fix.
CVE-2022-42165 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.
CVE-2022-42163 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.
CVE-2022-3555 X.org libX11 has a vulnerability. Manipulation of the argument dpy leads to memory leak.
CVE-2022-3554 X.org libX11 has a vulnerability that leaks memory.
CVE-2022-3542 An issue with the bnx2x_tpa_stop function of the BPF driver is found in the Linux Kernel. The vulnerability leads to a memory leak.
CVE-2022-3282 The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking user input sent when submitting the form.
CVE-2022-3151 The WP Custom Cursors plugin before 3.0.1 didn't have CSRF check, which could allow attackers to delete arbitrary cursors as an admin.
CVE-2022-3548 SourceCodester Simple Cold Storage Management System 1.0 has a vulnerability that affects unknown code.
CVE-2022-3206 The Passster plugin before 3.5.5.5.2 stored passwords in cookies using base64 encoding, which can be decoded.
CVE-2022-3150 The WP Custom Cursors plugin through 3.0 doesn't properly sanitise and escape a parameter, which leads to a SQL injection vulnerability that can be exploited by high-privileged users.
CVE-2022-3541 A critical Linux Kernel vulnerability has been found, affecting the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free.
CVE-2022-3139 We're Open! plugin before 1.42 has settings that could allow high privilege users to perform Stored Cross-site Scripting attacks.
CVE-2022-3545 A critical vulnerability has been found in the Linux Kernel affecting the IPsec function area_cache_get.
CVE-2022-3243 The Import all XML, CSV & TXT WordPress plugin before version 6.5.8 is vulnerable to SQL injection by high privilege users such as admin.
CVE-2022-3549 An issue was found in SourceCodester Simple Cold Storage Management System 1.0 that affects Avatar Handler file processing.
CVE-2022-2574
CVE-2022-3546 The component Create User Handler has a vulnerability that allows for some unknown functionality to be accessed. This could be used to steal user information.
CVE-2022-3126 The Frontend File Manager Plugin before 21.4 did not have CSRF check, which could allow attackers to make logged in users upload files on their behalf.
CVE-2022-3547 a vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. This affects an unknown part of the file /csms/admin/?page=system_info.
CVE-2022-3543 A vulnerability in the Linux Kernel was found, which affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c. The vulnerability leads to a memory leak.
CVE-2022-3131 The Search Logger plugin through 0.9 does not properly sanitise and escape a parameter, which leads to a SQL injection. This is a high privilege exploit.
CVE-2022-3244
CVE-2022-3534 A critical vulnerability has been found in the Linux Kernel's btf_dump_name_dups function. It can lead to use after free.
CVE-2022-3281 WAGO PFC100/200, Touch Panel 600, CC100 and Edge Controller are prone to a loss of MAC-Address-Filtering after reboot.
CVE-2022-2052 Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords
CVE-2022-3532 Vulnerability found in BPF component. It has memory leak.
CVE-2022-3533 An issue was found in the Linux Kernel. It is rated as problematic. The function parse_usdt_arg of the file tools/lib/bpf/usdt.c has a memory leak when the argument reg_name is manipulated.
CVE-2022-3531 A vulnerability was found in Linux Kernel, which is classified as problematic. The manipulation leads to memory leak.
CVE-2022-3501 Article template contents with sensitive data could be accessed from agents without permissions.
CVE-2022-39052 An external attacker can send a malicious email that can crash the system.
CVE-2022-3535 An issue was found in Linux Kernel mvpp2_dbgfs_port_init of drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c that affects mvpp2.
CVE-2022-42980 go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
CVE-2022-42983 Spoofing JWT Tokens allows attackers to bypass login authentication.
CVE-2022-42975 socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding
CVE-2022-3526 An issue was found in Linux Kernel's macvlan_handle_frame function. It can be manipulated to leak memory.
CVE-2022-3528 A vulnerability was found in the Linux Kernel component mptcp_addr_show. The manipulation leads to a memory leak.
CVE-2022-3527 a vulnerability in Linux kernel, which affects ipneigh_get function of ip/ipneigh.c component of iproute2. Manipulation leads to memory leak.
CVE-2022-3529 A vulnerability has been found in Linux Kernel fdb_get function, affected are iproute2 component. Memory leak is possible.
CVE-2022-3530 An issue was found in the Linux kernel ip/ipaddress.c function ipaddr_link_get and leads to memory leak.
CVE-2022-3524 An issue was found in the Linux Kernel IPv6 renewal functionality. A memory leak vulnerability can be triggered by sending a specially crafted packet.
CVE-2022-3523 The Linux Kernel was found to have a vulnerability. The vulnerability is in mm/memory.c of the Driver Handler component. The vulnerability causes use after free.
CVE-2022-3522 A vulnerability was found in Linux Kernel and classified as problematic. The hugetlb_no_page function race condition is vulnerable. It is recommended to apply a patch to fix this issue.
CVE-2022-3521 A vulnerability has been found in Linux Kernel and is classified as problematic. The kcm_tx_work function of the net/kcm/kcmsock.c component kcm can be manipulated to lead to a race condition.
CVE-2022-41323 In Django 3.2.x before 3.2.16, 4.0.x before 4.0.8, and 4.1.x before 4.1.2,
CVE-2022-42969 The py library through 1.11.0 for Python lets attackers conduct a ReDoS attack via a Subversion repository with crafted info data.
CVE-2022-42968 Gitea before 1.17.3 does not sanitize and escape refs in the git backend
CVE-2022-3518 A problem with SourceCodester Sanitization Management System 1.0 is an unknown function of the component User Creation Handler.
CVE-2022-3519 An unknown function of the component Quote Requests Tab is affected by a vulnerability.
CVE-2022-42961 An attack on RAM can lead to ECDSA key disclosure.
CVE-2017-20149 The Mikrotik RouterOS web server can be vulnerable to memory corruption, aka Chimay-Red, if a remote and unauthenticated user sends a crafted HTTP request.
CVE-2022-41436 An issue in TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via the URL http://device_ip/index1.html.
CVE-2022-38437 Acrobat versions 22.002.20212 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.
CVE-2022-38449 Acrobat versions 22.002.20212 and earlier are affected by a memory disclosure vulnerability.
CVE-2022-38448 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-38447 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-38442 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-38441 An out-of-bounds read vulnerability in Adobe Dimension versions 3.4.5 could let attackers read past the end of an allocated memory structure.
CVE-2022-38450 Adobe Reader versions 22.002.20212 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2022-38423 ColdFusion versions Update 14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory vulnerability. This could result in information disclosure.
CVE-2022-38421 ColdFusion versions Update 14 and earlier are affected by an 'Improper Limitation of a Pathname to a Restricted Directory' vulnerability that could allow arbitrary code execution.
CVE-2022-38419 ColdFusion versions 14 and earlier are affected by an XXE vulnerability that could lead to arbitrary file system read.
CVE-2022-38418 ColdFusion versions Update 14 and earlier are affected by an 'Improper Limitation of a Pathname to a Restricted Directory' vulnerability that could allow arbitrary code execution.
CVE-2022-38420 ColdFusion versions Update 14, Update 4 are affected by a Use of Hard-coded Credentials vulnerability that could lead to application denial-of-service.
CVE-2022-35712 ColdFusion versions Update 14 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could compromise the user's system.
CVE-2022-35698 Adobe Commerce versions 2.4.4-p1 and 2.4.5 are affected by a Stored XSS vulnerability.
CVE-2022-35710 ColdFusion versions Update 14 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could allow arbitrary code execution in the context of the current user.
CVE-2022-38440 An out-of-bounds read vulnerability in Adobe Dimension versions 3.4.5 could let attackers read past the end of an allocated memory structure.
CVE-2022-35689 Adobe Commerce versions 2.4.4-p1 and 2.4.5 are affected by a vulnerability that could result in a security feature bypass.
CVE-2022-41623 Data exposure of sensitive information in Villatheme ALD using WooCommerce premium plugin = 1.1.0.
CVE-2022-38444 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-35711 ColdFusion versions Update 14 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could compromise the user's system.
CVE-2022-39309 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-35690 ColdFusion versions Update 14 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could allow arbitrary code execution in the context of the current user.
CVE-2022-38445 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-41416 The system was found to have a SQL injection vulnerability via the id parameter.
CVE-2022-39310 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-39311 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-35691 Adobe Acrobat versions 22.002.20212 and earlier are affected by a NULL Pointer Dereference vulnerability.
CVE-2022-38446 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-42340 Adobe ColdFusion versions Update 14 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read.
CVE-2022-42341 ColdFusion versions 14 and earlier are affected by an XXE vulnerability that could lead to arbitrary file system read.
CVE-2022-42342 Acrobat versions 22.002.20212 and earlier are affected by a memory disclosure vulnerability.
CVE-2022-38422 ColdFusion versions Update 14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory vulnerability. This could result in information disclosure.
CVE-2022-38443 Dimension 3.4.5 is vulnerable to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could exploit this vulnerability to bypass ASLR.
CVE-2022-42339 Adobe Reader versions 22.002.20212 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2022-38677 In cell service, there is a missing permission check
CVE-2022-39128 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39126 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39123 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39122 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39124 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-38670 In soundrecorder service, there is a missing permission check
CVE-2022-39120 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-38676 In gpu driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-2985 In music service, there is a missing permission check
CVE-2022-38669 In soundrecorder service, there is a missing permission check
CVE-2022-2984 In jpg driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39117 In messaging service, there is a missing permission check
CVE-2022-39115 In Music service, there is a missing permission check
CVE-2022-38679 In music service, there is a missing permission check
CVE-2022-39111 In Music service, there is a missing permission check
CVE-2022-38671 In camera driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39105 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-38697 In messaging service, there is a missing permission check
CVE-2022-38689 In telephony service, there is a missing permission check
CVE-2022-38687 In messaging service, there is a missing permission check
CVE-2022-38690 In camera driver, there is a possible memory corruption due to improper locking
CVE-2022-39080 In messaging service, there is a missing permission check
CVE-2022-39103 In Gallery service, there is a missing permission check
CVE-2022-39108 In Music service, there is a missing permission check
CVE-2022-39107 In Soundrecorder service, there is a missing permission check
CVE-2022-39110 In Music service, there is a missing permission check
CVE-2022-39109 In Music service, there is a missing permission check
CVE-2022-39112 In Music service, there is a missing permission check
CVE-2022-38698 In messaging service, there is a missing permission check
CVE-2022-41477 A security issue was discovered in WeBid <=1.2.2
CVE-2022-38672 In face detect driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-38673 In face detect driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-38688 In telephony service, there is a missing permission check
CVE-2022-2963 A vulnerability found in jasper
CVE-2022-2850 An attacker can exploit a NULL pointer dereference in the Content Synchronization plugin to cause a denial of service.
CVE-2022-41303 An attacker may trick a user into opening a malicious FBX file containing a use-after-free vulnerability to run arbitrary code in the application.
CVE-2021-22685 An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1
CVE-2022-20397 An out of bounds write in SitRilClient_OnResponse could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2021-0699 An out of bounds write in HTBLogKM could lead to local escalation of privilege in the kernel.
CVE-2022-20464 In ap_input_processor.c there is a possible way to record audio during a phone call due to a logic error. This could lead to local information disclosure with User execution privileges needed.
CVE-2022-3479 A vulnerability found in nss
CVE-2022-41304 An OOB write vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution or information disclosure.
CVE-2022-42232 The v1.0 version of the Cold Storage Management System is vulnerable to SQL Injection.
CVE-2022-41302 An OOB vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure.
CVE-2022-41305 Malicious PKT file could lead to memory corruption vulnerability by write access violation.
CVE-2022-41306 Malicious PCT file could lead to memory corruption vulnerability by write access violation.
CVE-2022-41307 Malicious PKT file could lead to memory corruption vulnerability by read access violation.
CVE-2022-42234 There is a file inclusion vulnerability in the template management module in UCMS 1.6
CVE-2021-27406 An attacker can take advantage of versions 1.4.1.0 and earlier to send a config command from the local host to force the back-end server to initialize a new openVPN instance.
CVE-2022-38980 The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation may allow attackers to obtain process control permissions.
CVE-2022-37603 An ReDoS flaw was found in Function interpolateName in webpackloader-utils 2.0.0 via the url variable.
CVE-2022-38982 The fingerprint module has service logic errors, which can be exploited to crack the phone lock.
CVE-2022-38981 The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation may cause information leakage.
CVE-2022-41601 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2021-46839 The HW_KEYMASTER module has a vulnerability of missing bounds check on length. Successful exploitation may cause malicious construction of data and out-of-bounds access.
CVE-2022-38986 The HIPP module has a vulnerability that bypasses the check of data transferred in the kernel space. Successful exploitation may cause out-of-bounds access and page table tampering, affecting device confidentiality.
CVE-2022-38998 The HISP module has a vulnerability where it doesn't verify data in kernel space and can lead to an out-of-bounds read, affecting data confidentiality.
CVE-2022-41577 The kernel server has a vulnerability of not verifying the length of data transferred in the user space, which may cause an out-of-bounds read and device confidentiality and availability.
CVE-2022-41576 The rphone module has a script that can be modified to cause irreversible programs to be implanted on user devices.
CVE-2022-41592 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41598 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2021-46840 The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation may cause malicious construction of data, which results in out-of-bounds access.
CVE-2022-41597 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41595 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41594 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41593 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41600 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41602 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-38977 The HwAirlink module has a heap overflow vulnerability. Successful exploitation may cause out-of-bounds writes, which may lead to modification of sensitive data.
CVE-2022-39011 The HISP module has a vulnerability that allows access in the kernel space. Successful exploitation may cause unauthorized access.
CVE-2022-41603 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-42067 The birth certificate management system version 1.0 has an IDOR vulnerability.
CVE-2022-38984 The HIPP module has a vulnerability of not verifying data transferred in the kernel space. This vulnerability affects the confidentiality of the data.
CVE-2022-38985 The facial recognition module has a vulnerability in input validation, which may affect data confidentiality.
CVE-2022-38983 The BT Hfp Client module has a Use-After-Free vulnerability that may lead to arbitrary code execution.
CVE-2022-41587 Uncaptured exceptions in the home screen module
CVE-2022-41581 The HW_KEYMASTER module has a vulnerability of not verifying data read. Successful exploitation may cause malicious construction of data and out-of-bounds access.
CVE-2022-41583 The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successful exploitation will cause incorrect statistics.
CVE-2022-39065 An unresponsive TRÅDFRI gateway can make connected lighting controls non-functional.
CVE-2022-39064 An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink and perform a factory reset.
CVE-2022-41578 The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation may lead to privilege escalation attacks.
CVE-2022-41585 The kernel module has an out-of-bounds read vulnerability. Successful exploitation may cause memory overwriting.
CVE-2022-41582 The security module has configuration defects, which may affect system availability.
CVE-2022-41589 The DFX unwind stack has a vulnerability in interface calling that affects system services and device availability.
CVE-2022-41588 The home screen module has a vulnerability in its service logic processing. Successful exploitation of this may affect data integrity.
CVE-2022-41580 The HW_KEYMASTER module has a vulnerability of not verifying data read. Successful exploitation may cause malicious construction of data and out-of-bounds access.
CVE-2022-41586 The communication framework has a vulnerability of not properly truncating data. This may impact data confidentiality.
CVE-2022-41584 The kernel module has an out-of-bounds read vulnerability. Successful exploitation may cause memory overwriting.
CVE-2022-42069 A birth certificate management system version 1.0 has a XSS vulnerability.
CVE-2022-42066 The v1.0 Exam System is vulnerable to a cross site scripting vulnerability.
CVE-2022-42064 An attacker exploited a remote version 1.0 of the Lab Management System to upload a shell.
CVE-2022-42488 OpenHarmony has a permission validation vulnerability in the param service of the startup subsystem.
CVE-2022-42463 OpenHarmony 3.1.2 and prior versions have a authentication bypass vulnerability in a callback handler of Softbus_server in communication subsystem.
CVE-2022-42464 OpenHarmony 3.1.2 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker.
CVE-2022-42071 The CMS version 1.0 has a XSS vulnerability.
CVE-2022-42070 The BCSMS v1.0 is vulnerable to CSRF.
CVE-2022-41715 Compiling regular expressions from untrusted sources may lead to memory exhaustion or denial of service.
CVE-2022-2879 Read doesn't limit the maximum size of file headers. This can lead to memory exhaustion or crashes.
CVE-2022-2880 ReverseProxy forwards requests with raw query parameters, including unparseable ones.
CVE-2022-28762 The Zoom Client for Meetings for Macs starting with 5.10.6 has a misconfiguration of a debugging port.
CVE-2022-28760 On-Premise Meeting Connector MMR 4.8.20220815 contains an improper access control vulnerability.
CVE-2022-3504 An issue was found in SourceCodester Sanitization Management System and classified as critical. The id argument can be manipulated to bring sql injection.
CVE-2022-3505 An issue was found in SourceCodester Sanitization Management System. It's a problem with an unknown function of the file /php-sms/admin/. Manipulating the argument page can lead to cross site scripting.
CVE-2022-3506 XSS was stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3.
CVE-2022-3439 Allocating resources without limits or throttling in a GitHub repository prior to 2.5.0.
CVE-2022-35043 An attacker sent a large amount of data to the OTFCCDUMP+0x6c08a6 function which was then used to overflow a heap buffer.
CVE-2022-35044 An OTFCC commit with 617837b contains a heap buffer overflow.
CVE-2022-35041 The commit 617837b in OTFCC was found to have a heap buffer overflow.
CVE-2022-35053 Heap buffer overflow in commit 617837b of otfccdump was discovered.
CVE-2022-35055 An attacker can overflow a heap buffer with OTFCC commit 617837b, which is a VRP tool.
CVE-2022-35052 Heap buffer overflow was discovered in OTFCC commit 617837b.
CVE-2022-35051 Heap buffer overflow in otfccdump was found in 617837b.
CVE-2022-35042 An attacker could send a crafted request to /release-x64/otfccdump+0x4adb11 to overflow the heap and execute arbitrary code.
CVE-2022-35046 An attacker can overflow a heap buffer in otfccdump+0x6b0466 via /release-x64. END
CVE-2022-35056 An attacker could exploit a heap buffer overflow in OTFCC commit 617837b to compromise the user's system.
CVE-2022-35040 An attacker could overflow a heap buffer with OTFCC-Dump's /release-x64 command.
CVE-2022-35045 An attacker could overflow a heap buffer in otfccdump via /release-x64/otfccdump+0x6b0d63.
CVE-2022-35054 Heap buffer overflow in OTFCC commit 617837b was discovered to be vulnerable.
CVE-2022-35058 A commit 617837b of the OFTC commit bot was found to have a heap buffer overflow.
CVE-2022-35050 An attacker sent a 0x6b04de heap buffer overflow to commit 617837b in order to gain remote code execution.
CVE-2022-35048 An attacker can overflow a buffer with 0x6B0B2C in OTFCC commit 617837b to crash the application.
CVE-2022-35049 The commit 617837b of OTFCC was discovered to contain a heap buffer overflow.
CVE-2022-35059 An overflow was discovered in OTFCC commit 617837b that was used in an exploit.
CVE-2022-3502 A vulnerability was found in Human Resource Management System 1.0. It is problematic and could be exploited to make malicious requests to sensitive parts of the application.
CVE-2022-3503 SourceCodester's Supplier Handler has a vulnerability that is revealed as problematic.
CVE-2022-37602 The key variable in grunt-karma.js is Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1.
CVE-2022-3497 A vulnerability was found in SourceCodester HRMS 1.0. It is problematic. The affected function is unknown.
CVE-2022-3496 A critical vulnerability was found in SourceCodester HRMS 1.0 and affects the Admin Panel component.
CVE-2022-3495 A critical vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and affected code of the file /opac/Actions.php?a=login. It compromises the Admin Login component.
CVE-2022-32177 v2.5.1-2.5.3beta is vulnerable to Unrestricted File Upload, which can lead to execution of javascript code.
CVE-2022-2780 Octopus Server is vulnerable to an NTLM relay attack if a user uses the Git Connectivity test on the VCS project.
CVE-2022-41535 The Open Source SACCO Management System v1.0 has a SQL injection vulnerability via the id parameter.
CVE-2022-41536 The Open Source SACCO Management System v1.0 had a SQL injection vulnerability where id was used as the parameter.
CVE-2022-41538 The Wedding Planner v1.0 had an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php.
CVE-2022-41539 Wedding Planner v1.0 had an arbitrary file upload vulnerability in the /admin/users_add.php component.
CVE-2022-36803 The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an attacker with the People role permission to modify any users role to Super Admin.
CVE-2022-41674 An issue was discovered in the Linux kernel through 5.19.11
CVE-2022-39302 Ree6 is a moderation bot. It would allow other server owners to create configurations such as "Better Audit Logging," which contains a channel from another server as a target.
CVE-2022-42721 A BSS handling bug could be used by local attackers to corrupt a linked list and execute code.
CVE-2022-42722 Local attackers could inject WLAN frames into the mac80211 stack to cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
CVE-2022-42720 Local attackers could use refcounting bugs in the mac80211 stack to trigger use-after-free conditions.
CVE-2022-42719 An use-after-free in the mac80211 stack could be used by attackers to crash the kernel and execute code.
CVE-2022-31130 Grafana could leak authentication tokens to older endpoints that use certain plugins.
CVE-2022-34022 Injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114.
CVE-2022-35611 CSRF in MQTTRoute v3.3 and below allows attackers to create and remove dashboards.
CVE-2022-41390 OcoMon v4.0 was found to have a SQL injection vulnerability on download.php.
CVE-2022-34021 Multiple XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server 4.1.1000114 via the form fields.
CVE-2022-39229 Grafana old versions let one user block another user's login attempt by registering someone else's email address as a username.
CVE-2022-39278 The Istio service mesh manages traffic, enforces policies, and collects telemetry.
CVE-2022-39303 Rea6 is a moderation bot that is vulnerable to SQL injection. The issue has been patched by using Javas PreparedStatements.
CVE-2022-35134 Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.
CVE-2022-35136 Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests.
CVE-2022-35612 An XSS vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-41391 OcoMon v4.0 had a SQL injection vulnerability in the cod parameter of showImg.php.
CVE-2022-35135 An attacker can escalate privileges in the Boodskap IoT Platform v4.4.9-02 by sending a crafted request to /api/user/upsert/uuid>.
CVE-2022-39295 Knowage is an open source suite for modern business analytics alternative over big data systems
CVE-2022-39201 Grafana could leak the authentication cookie of users to plugins before versions 8.5.14 and 9.1.8.
CVE-2022-39300 SAML is a library based on SAML v2 that can be bypassed by a remote attacker using passport-saml.
CVE-2022-31123 Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a plugin signature verification bypass.
CVE-2022-41497 ClipperCMS 1.3.3 had an SSRF vulnerability via the pkg_url parameter.
CVE-2022-41496 iCMS v7.0.16 had an SSRF attack via the admincp.php url parameter.
CVE-2022-41495 ClipperCMS 1.3.3 had an SSRF vulnerability via the rss_url_news parameter.
CVE-2022-3456 Allocating resources without limits or throttling in a GitHub repository prior to 2.5.0.
CVE-2022-3457 Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5.
CVE-2022-41481 An AC1200 WiFi router with a buffer overflow was discovered. The function 0x47de1c is vulnerable.
CVE-2022-41483 AnAC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 had a buffer overflow in the 0x4a12cc function.
CVE-2022-41485 An AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 with a buffer overflow was discovered.
CVE-2022-42156 The D-Link COVR 1200,1203 v1.08 had a command injection vulnerability via the tomography_ping_number parameter of SetNetworkTomographySettings.
CVE-2022-42159 The D-Link COVR 1200,1202,1203 has a predictable seed in a Pseudo-Random Number Generator.
CVE-2022-42160 D-Link COVR 1200,1202,1203 v1.08 has a command injection vulnerability in SetNTPServerSettings that could be exploited by an attacker.
CVE-2022-39293 Azure RTOS USBX is a high-performance USB host, device, and on-the-go embedded stack that is fully integrated with Azure RTOS ThreadX.
CVE-2022-42161 The COVR 1200,1202,1203 v1.08 was found to have a command injection vulnerability in the SetTriggerWPS/PIN parameter.
CVE-2022-41484 Tenda AP500 US was found to have a buffer overflow in 0x32384 function.
CVE-2022-41480 Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 has a buffer overflow in the 0x475dc function.
CVE-2022-41482 An exploit in the Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was found that had a buffer overflow.
CVE-2020-26848 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26839 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26864 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26849 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26851 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26852 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26853 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26843 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26850 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26844 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26859 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26845 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26846 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26847 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26842 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26860 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26861 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26862 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26863 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26857 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26865 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26858 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26841 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26866 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26856 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26855 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26854 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2020-26840 Reject a candidate that was not assigned to any issues during 2020. ConsultIDs: none.
CVE-2022-3492 A critical vulnerability was found in SourceCodester HRMS 1.0. The vulnerability affects unknown code of the component Profile Photo Handler.
CVE-2022-3493 A vulnerability was found in SourceCodester HRMS 1.0. This affects some unknown component processing.
CVE-2022-41475 An attacker can add an administrator account via a CSRF in RPCMS v3.0.2.
CVE-2022-41474 An RPCMS v3.0.2 contains a CSRF which allows attackers to change any account's password.
CVE-2022-41473 An XSS vulnerability was found in RPCMS v3.0.2's Search function.
CVE-2022-24697 The designer function has a command injection vulnerability when overwriting system parameters in the configuration.
CVE-2022-42889 Apache Commons Text does variable interpolation, expanding properties.
CVE-2022-35080 SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c
CVE-2021-20030 GMS is vulnerable to file path manipulation and can be accessed by an unauthenticated attacker.
CVE-2022-3470 A critical vulnerability was found in SourceCodester HRMS. The fgetstatecity.php file is affected. The sc argument can be manipulated to lead to sql injection.
CVE-2022-3472 A critical vulnerability was found in SourceCodester HRMS system. The file city.php is manipulated by the argument cityedit, leading to sql injection.
CVE-2022-3473 A critical vulnerability has been found in SourceCodester HRMS system. The manipulation of the argument ci leads to sql injection.
CVE-2022-3471 An HRMS vulnerability was found. The file city.php is affected.
CVE-2022-42902 In LavA before 2022.10, there is dynamic code execution in lav_server/lavatable.py.
CVE-2022-42906 Powerline Gitstatus before 1.3.2 has an exploitable configuration that can run arbitrary commands in the project's repository.
CVE-2022-42901 MicroStation and MicroStation-based applications could be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. This could lead to information disclosure and code execution.
CVE-2022-42900 FBX files could have out-of-bounds read issues. This could lead to information disclosure and code execution.
CVE-2022-42899 Out-of-bounds read and stack overflow in Bentley MicroStation and MicroStation-based applications could lead to information disclosure and code execution.
CVE-2022-34020 The ResIOT IOT Platform and LoRaWAN Network Server has a CSRF vulnerability that can be used to add new admin users. This vulnerability could also have other impacts.
CVE-2022-40187 Forescout's Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled.
CVE-2022-42897 An unauthenticated command injection allows privilege escalation and control of the system.
CVE-2022-39298 Melis-Front displays websites on the Melis Platform. It handles page, plugin, URL rewording, search optimization, and SEO.
CVE-2022-39297 MelisCms is a CMS for Melis Platform, including templating system, plugins drag and drop, and SEO tools.
CVE-2022-39283 FreeRDP is a library that provides a free remote desktop protocol. It might read uninitialized data and decode it as audio/video.
CVE-2022-39282 FreeRDP is a library for remote desktop protocol, it supports unix systems using the /parallel switch. It might read uninitialized data and send it to the server the client is currently connected to.
CVE-2022-3171 BINARY data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a DoS attack.
CVE-2021-36369 An issue was found in Dropbear through 2020.81, which allows an SSH server to change the login process.
CVE-2022-39299 Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication.
CVE-2018-18446 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
CVE-2018-18447 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
CVE-2022-41351 In ZCS 8.8.15, at the URL /h/calendar, one can trigger XSS by changing the value of the view and uncheck parameters.
CVE-2022-33921 Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities
CVE-2022-37601 The name variable in parseQuery.js in webpack loader-utils 2.0.0 is for prototyping pollution vulnerability.
CVE-2022-32491 Dell Client BIOS contains a Buffer Overflow vulnerability
CVE-2022-34391 Dell Client BIOS versions prior to remediated version contain an improper input validation vulnerability.
CVE-2022-41350 ZCS 8.8.15 has a vulnerability to Reflected XSS with the phone parameter of /h/search.
CVE-2022-41349 An attachUrl parameter in ZCS 8.8.15 is vulnerable to Reflected XSS.
CVE-2022-34390 Dell BIOS contains a use of uninitialized variable vulnerability
CVE-2022-32488 Dell BIOS contains an improper input validation vulnerability
CVE-2022-32493 Dell BIOS contains an Stack-Based Buffer Overflow vulnerability
CVE-2022-32487 Dell BIOS contains an improper input validation vulnerability
CVE-2022-32485 Dell BIOS contains an improper input validation vulnerability
CVE-2022-32484 Dell BIOS contains an improper input validation vulnerability
CVE-2022-32483 Dell BIOS contains an improper input validation vulnerability
CVE-2022-31228 Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability
CVE-2022-32489 Dell BIOS contains an improper input validation vulnerability
CVE-2022-2249 privilege escalation vulnerabilities were found in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges.
CVE-2022-42080 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 has a heap overflow vulnerability.
CVE-2022-42086 Tenda AX1803 US_AX1803v2.0 is vulnerable to CSRF attacks via the TendaAteMode function.
CVE-2022-42079 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to have a stack overflow.
CVE-2022-42077 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to CSRF attack via SysToolReboot function.
CVE-2022-42081 An AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 had a stack overflow vulnerability.
CVE-2022-42078 The Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
CVE-2022-41403 The OpenCart 3.x Newsletter Custom Popup contains a SQL injection vulnerability.
CVE-2022-28887 An DoS vulnerability was found in F-Secure and WithSecure products. The aerdl.dll unpacker handler crashes.
CVE-2022-0030
CVE-2022-42715 An XSS vulnerability is present in REDCap's Alerts & Notifications upload feature prior to 12.04.18.
CVE-2022-40871 Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection
CVE-2022-37614 Mocking function calls in mockery.js with the key variable.
CVE-2022-3464 An issue has been found in puppyCMS up to 5.1. The manipulation of the argument site_name leads to XSS.
CVE-2022-2720 In Octopus Server affected versions, when a sensitive value is a substring of another value, only part of the sensitive value is masked.
CVE-2022-40664 Shiro before 1.10.0 has an authentication bypass vulnerability when forwarding or including via RequestDispatcher.
CVE-2022-3458 An unknown vulnerability in SourceCodester Human Resource Management System 1.0 affects the file /employeeview.php of the Image File Handler component.
CVE-2022-37611 Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js.
CVE-2022-40469 iKuai8 v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.
CVE-2022-42711 Â  WhatsUp Gold before 22.1.0 failed to sanitize malicious input.
CVE-2022-40440 An XSS vulnerability was found in v4.2.2 of the Graph Visualization tool.
CVE-2022-40921 DedeCMS V5.7.99 had an arbitrary file upload vulnerability.
CVE-2022-41530 The Open Source SACCO Management System v1.0 had a SQL injection vulnerability via the id parameter.
CVE-2022-41406 An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code.
CVE-2022-41407 The App v1.0 had a SQL injection vulnerability via the id parameter.
CVE-2022-41532 The Open Source SACCO Management System v1.0 had a SQL injection vulnerability where id was used to delete plans.
CVE-2022-41606 HashiCorp Nomad and Nomad Enterprise up to 1.2.12 and 1.3.5 can crash client agents with invalid S3 or GCS URLs.
CVE-2022-40777 Interspire Email Marketer through 6.5.0 allows upload of arbitrary php files via a survey_submit.php operation, which can be accessed via /admin/temp/surveys/.
CVE-2022-42717 An issue was found in Hashicorp Packer 2.3.1 before the recommended sudoers configuration for Vagrant on Linux.
CVE-2022-37617 Pollution vulnerability in thlorenz browserify-shim 3.8.15 via k variable in resolve-shims.js.
CVE-2022-41404 An issue in the fetch() method in org.ini4j before v0.5.4 allows attackers to cause a DoS.
CVE-2022-42037 The d8s-asns package had a third party backdoor, democritus-csv.
CVE-2022-41381 The d8s-utility package has a backdoor from a third party. The backdoor is democritus-file-system.
CVE-2022-41380 d8s-yaml has a backdoor. It is democritus-file-system.
CVE-2022-42040 d8s-algorithms has a backdoor, the democritus-dicts package.
CVE-2022-41550 GNU/OSIP v5.3.0 had an integer overflow, leading to possible remote code execution.
CVE-2022-41387 The d8s-pdfs package had a backdoor in the democritus-urls package.
CVE-2022-42044 The d8s-asns package had a backdoor from a third party, democritus-html.
CVE-2022-42043 d8s-xml had a backdoor from democritus-html.
CVE-2022-42039 The d8s-lists package had a backdoor from a third party. The democritus-dicts package is a backdoor.
CVE-2022-41386 The d8s-utility package had a backdoor, the democritus-urls package.
CVE-2022-42036 The d8s-urls package contains a backdoor. The democritus-csv package is the backdoor.
CVE-2022-42038 The d8s-ip-addresses package has a backdoor: democritus-csv.
CVE-2022-42042 d8s-networking had a backdoor added by a third party. The backdoor is democritus-hashes.
CVE-2022-41383 The d8s-archives package had a backdoor from a third party, democritus-file-system.
CVE-2022-41382 The d8s-json package had a backdoor--the democritus-file-system package.
CVE-2022-41385 The d8s-html package had a backdoor, the democritus-urls package.
CVE-2022-41384 The d8s-domains package had a backdoor in the democritus-urls package.
CVE-2022-42041 d8s file system package had a backdoor from a third party, democritus-hashes.
CVE-2022-38138 The Triangle Microworks IEC 61850 Library protects older clients and servers from newer versions of C, C++, and Java.
CVE-2022-41204 An attacker can change the content of an SAP Commerce version 1905, 2005, 2105, 2011, 2205, login page, by injecting code that redirects submissions from the affected login form to their own server.
CVE-2022-39013 Under certain conditions an authenticated attacker can get access to OS credentials
CVE-2022-39015 BOE AdminTools/SDK can access information which would be restricted with certain conditions.
CVE-2022-41177 Memory management issues in Iges Part and Assembly files can lead to RCE.
CVE-2022-41180 Memory management issues in SAP can cause a victim to open a .pdf file from an untrusted source, which can lead to a RCE.
CVE-2022-41170 memory management can lead to RCE on CATIA4 Part .model files opened from untrusted sources.
CVE-2022-41179 Memory management problems can lead to RCE when a victim opens a file from an untrusted source.
CVE-2022-41173 Memory management issues in AutoCAD can lead to application crash.
CVE-2022-41175 An Enhanced Metafile file can be manipulated to trigger a Remote Code Execution.
CVE-2022-41176 Due to memory mismanagement, Enhanced Metafile files received from untrusted sources can crash the application and tempora END>
CVE-2022-41166 Due to memory management issues, when a victim opens a Wavefront Object file sent by an attacker, the application can crash and become compromised.
CVE-2022-41199 Inventor files can be opened by victims, which can lead to remote code execution.
CVE-2022-41198 SketchUp files can be memory-compromised and RCE can be triggered when victims open them.
CVE-2022-41195 Memory management issues can lead to EAAmiga Interchange File Format files being opened by victims and resulting in a Remote Code Execution.
CVE-2022-41196 Memory management issues can cause a VRML Worlds file to be opened by a victim and result in a Remote Code Execution.
CVE-2022-41178 Iges Part and Assembly file may be manipulated by the victim to have the application crash.
CVE-2022-39800 BusinessObjects BI LaunchPad is vulnerable to a script execution attack due to improper sanitization of user inputs.
CVE-2022-39803 Memory management issues in ACIS Part and Assembly files make it possible for a victim to be exploited and executed remote code.
CVE-2022-39807 The victim's lack of memory management can cause the application to crash when they open a SolidWorks Drawing file from an untrusted source.
CVE-2022-41194 The memory management of the victim's computer is poor, which makes it crash when a .eps file is opened.
CVE-2022-41193 Memory management issues in EPS files can lead to RCE in SAP 3D Visual Enterprise Viewer - version 9.
CVE-2021-36201 Enumerating user accounts in C•CURE 9000 and earlier versions could be dangerous.
CVE-2022-41168 In SAP 3D Visual Enterprise Author, it's possible for a RCE to happen due to memory management issues.
CVE-2022-41172 Memory management issues in AutoCAD can lead to RCE when a victim opens a file from untrusted sources.
CVE-2022-41188 The victim's computer can crash when opening a manipulated Wavefront Object file sent from an untrusted source.
CVE-2022-39806 An attacker can send a SAP 3D Visual Enterprise Author file that can be opened by the victim and execute remote code.
CVE-2022-41186 Computer Graphics Metafile files sent by malicious attackers can be exploited to trigger a Remote Code Execution.
CVE-2022-31682 VMware Aria Operations contains an arbitrary file read vulnerability
CVE-2022-3140 LibreOffice supports Office URI Schemes to integrate with MS SharePoint, and an additional scheme 'vnd.libreoffice.command' was added.
CVE-2022-35226 SAP Data Services Management allows an attacker to copy data from a request and echo it into the application's response, leading to a XSS vulnerability.
CVE-2022-35296 The SAP BusinessObjects Version Management System can expose sensitive information to a high-privileged user who isn't explicitly authorized to see it.
CVE-2022-35297 SAP Enable Now doesn't encode user-controlled inputs over the network before it is served to other users, resulting in XSS vulnerability.
CVE-2022-35299 SAP SQL Anywhere and IQ can be vulnerable to memory corruption attacks because of logical errors in memory management.
CVE-2022-41183 The memory management of the victim's computer is poor, which makes it possible for the application to crash and become temporally unresponsive.
CVE-2022-41181 Memory management in PDF files can cause 3D Visual Enterprise Author to crash.
CVE-2022-41184 Memory management issues in Windows can lead to RCE when a victim opens a .cur file from untrusted sources.
CVE-2022-41167 Memory management issues in AutoCAD can lead to RCE when a victim opens a file containing malicious code.
CVE-2022-41185 Due to memory management issues, a victim opening a manipulated Visual Design Stream file from untrusted sources can be exploited to execute remote code.
CVE-2022-41190 Memory management issues in AutoCAD can lead to RCE when a victim opens a file bearing malicious content.
CVE-2022-41191 Memory issues in SAP 3D Visual Enterprise Viewer 9 can lead to memory corruption, which allows for remote code execution.
CVE-2022-41192 An attacker can cause a victim's application to crash by sending a JT file and then crashing the victim's application with the file.
CVE-2022-41182 Due to memory management issues, a victim's opening of a Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file from an untrusted source can cause the application to crash.
CVE-2022-39804 Due to memory management issues, victims of SolidWorks Part files from untrusted sources can be compromised with RCE.
CVE-2022-39805 Memory problems can lead to false positives when a victim opens a file containing malicious code.
CVE-2022-41189 Memory management issues in the AutoCAD file can lead to a remote code execution.
CVE-2022-39802 SAP MES version 15.1, 15.2, 15.3 has an exploitable file path parameter vulnerability. The attacker can manipulate the file path to access arbitrary files on the server.
CVE-2022-41187 Memory management issues can lead to RCE when a victim opens a file containing a malicious ObjTranslator.exe.
CVE-2022-39808 It's possible that a victim opening a Wavefront Object file from untrusted sources could be exploited via Remote Code Execution.
CVE-2021-36915 Cozmoslabs Profile Builder plugin = 3.6.0 has a CSRF vulnerability that allows uploading the JSON file and updating the options.
CVE-2022-20410 Avrc_pars_ctrl_pars_vendor_rsp has an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed.
CVE-2022-20413 In Threads.cpp, there is a logic error that could lead to local information disclosure with user execution privileges.
CVE-2022-20416 AudioTransportsToHal in HidlUtils.cpp has a possible out of bounds write due to a bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20409 in io_identity_cow of io_uring.c, there is a possible way to corrupt memory and get local escalation of privilege with System execution privileges.
CVE-2022-20412 fdt_next_tag could have an out of bounds read due to a bounds check error. This could lead to privilege escalation with System execution privileges needed.
CVE-2022-20431 There is an missing authorization issue in the system service
CVE-2022-20430 There is an missing authorization issue in the system service
CVE-2022-20429 The IAM deputy in CarSettings could possibly be bypassed to allow local escalation of privilege in Bluetooth settings.
CVE-2022-20425 ZenModeHelper could have a performance degradation due to resource exhaustion. This could lead to local denial of service with User execution privileges needed.
CVE-2022-20422 In the armv8_deprecated.c emulation_proc_handler, there is a race condition that can corrupt memory. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20432 There is an missing authorization issue in the system service
CVE-2022-20434 There is an missing authorization issue in the system service
CVE-2022-20435 There is a Unauthorized service in the system service, may cause the system reboot
CVE-2022-20433 There is an missing authorization issue in the system service
CVE-2022-20415 There is a logic error in the code of StatusBarNotificationActivityStarter that starts activity from background.
CVE-2022-20351 There is a SQL injection vulnerability in queryInternal of CallLogProvider. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2022-20417 AudioTransportsToHal in HidlUtils.cpp has a possible out of bounds write due to a bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2020-14131 The Xiaomi Security Center thanks ADLab for their help and welcome more security experts to join the Mi Security Center to make sure safety is maintained.
CVE-2022-20394 In IMEService.java, there is a check for permissions when another app shows an IME. This can be used to determine when another app is showing an IME.
CVE-2022-20439 Messaging has an unauthorized provider, which could cause Local Deny of Service.
CVE-2022-20419 In ActivityRecord.java, there is a possible logic error that could lead to local escalation of privilege.
CVE-2022-20418 In the pickStartSeq of AAVCA assembler, there is a possible out of bounds read. This could lead to remote information disclosure with no additional execution privileges needed.
CVE-2021-0696 There is a race condition in dllist_remove_node of TBD that could lead to local escalation of privilege.
CVE-2020-14129 A logic vulnerability exists in a Xiaomi product
CVE-2022-20438 Messaging has unauthorized broadcast, which can cause Local Deny of Service.
CVE-2022-20420 In the AppRestrictionController.java code, there is a possible way to bypass device policy restrictions due to a logic error.
CVE-2022-20440 Messaging has unauthorized broadcast, which could cause Local Deny of Service.
CVE-2022-20437 In Messaging, there is unauthorized broadcast, which could cause Local Deny of Service.
CVE-2022-38086 The CSRF vulnerability in the Shortcodes Ultimate plugin = 5.12.0 could lead to plugin preset settings change.
CVE-2021-0951 DevmemIntHeapAcquire could have an overflow that could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20423 In rndis_set_response of rndis.c, there is an integer overflow that could lead to local escalation of privilege if a malicious USB device is attached.
CVE-2022-20436 There is an unauthorized service in the system service
CVE-2022-20421 In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-41036 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-38036 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability.
CVE-2022-34689 Windows CryptoAPI Spoofing Vulnerability.
CVE-2022-38038 Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-38037 Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-38034 Windows Workstation Service Elevation of Privilege Vulnerability.
CVE-2022-33635 Windows GDI+ Remote Code Execution Vulnerability.
CVE-2022-41031 Microsoft Word Remote Code Execution Vulnerability.
CVE-2022-38045 Server Service Remote Protocol Elevation of Privilege Vulnerability.
CVE-2022-38041 Windows Secure Channel Denial of Service Vulnerability.
CVE-2022-33645 Windows TCP/IP Driver Denial of Service Vulnerability.
CVE-2022-41032 NuGet Client Elevation of Privilege Vulnerability.
CVE-2022-41033 Windows COM+ Event System Service Elevation of Privilege Vulnerability.
CVE-2022-38048 Microsoft Office Remote Code Execution Vulnerability.
CVE-2022-38043 Windows Security Support Provider Interface Information Disclosure Vulnerability.
CVE-2022-37987 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVE-2022-38049 Microsoft Office Graphics Remote Code Execution Vulnerability.
CVE-2022-37980 Windows DHCP Client Elevation of Privilege Vulnerability.
CVE-2022-22035 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-24504 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-37979 Windows Hyper-V Elevation of Privilege Vulnerability.
CVE-2022-37982 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-37973 Windows Local Session Manager (LSM) Denial of Service Vulnerability
CVE-2022-37978 Windows Active Directory Certificate Services Security Feature Bypass.
CVE-2022-37985 Windows Graphics Component Information Disclosure Vulnerability.
CVE-2022-38046 Web Account Manager Information Disclosure Vulnerability.
CVE-2022-38042 Active Directory Domain Services Elevation of Privilege Vulnerability.
CVE-2022-37984 Windows WLAN Service Elevation of Privilege Vulnerability.
CVE-2022-37986 Windows Win32k Elevation of Privilege Vulnerability.
CVE-2022-37981 Windows Event Logging Service Denial of Service Vulnerability.
CVE-2022-37983 Microsoft DWM Core Library Elevation of Privilege Vulnerability.
CVE-2022-37990 Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-38016 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability.
CVE-2022-37999 Windows Group Policy Preference Client Elevation of Privilege Vulnerability
CVE-2022-38001 Microsoft Office Spoofing Vulnerability.
CVE-2022-38000 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-40047 Flatpress v1.2.1 has an XSS vulnerability via the page parameter in the admin section.
CVE-2022-37974 Windows Mixed Reality Developer Tools Information Disclosure Vulnerability.
CVE-2022-30198 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-35829 Service Fabric Explorer Spoofing Vulnerability.
CVE-2022-38053 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-37599 A ReDoS flaw was found in Function interpolateName in webpack loader-utils 2.0.0 via the resourcePath variable.
CVE-2022-37971 Microsoft Windows Defender Elevation of Privilege Vulnerability.
CVE-2022-37968 Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability.
CVE-2022-37609 Prototype pollution vulnerability in js-beautify 1.13.7 via the name variable in options.js
CVE-2022-38044 Windows CD-ROM File System Driver Remote Code Execution Vulnerability.
CVE-2022-37997 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-38047 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-41037 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-33634 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-38003 Windows Resilient File System Elevation of Privilege.
CVE-2022-38027 Windows Storage Elevation of Privilege Vulnerability.
CVE-2022-37975 Windows Group Policy Elevation of Privilege Vulnerability.
CVE-2022-37994 Windows Group Policy Preference Client Elevation of Privilege Vulnerability
CVE-2022-38040 Microsoft ODBC Driver Remote Code Execution Vulnerability.
CVE-2022-38025 Windows Distributed File System (DFS) Information Disclosure Vulnerability.
CVE-2022-38029 Windows ALPC Elevation of Privilege Vulnerability.
CVE-2022-41035 Microsoft Edge (Chromium-based) Spoofing Vulnerability.
CVE-2022-37989 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVE-2022-38031 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-35770 Windows NTLM Spoofing Vulnerability.
CVE-2022-41034 Visual Studio Code Remote Code Execution Vulnerability.
CVE-2022-38051 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-38050 Win32k Elevation of Privilege Vulnerability.
CVE-2022-3452 An issue was found in SourceCodester Book Store Management System 1.0. The file /category.php is affected.
CVE-2022-42235 An XSS issue in Student Clearance System v.1.0 allows for arbitrary JavaScript to be injected in the registration form.
CVE-2022-42238 An issue in VOPE 1.0 allows access to the admin dashboard.
CVE-2022-39296 Melis Asset Manager delivers assets in public folders of module-specific assets. An attacker can read arbitrary files to obtain sensitive information.
CVE-2022-3453 An issue was found in SourceCodester Book Store Management System 1.0. This affects unknown processing of the file /transcation.php.
CVE-2022-42236 An Arbitrary JavaScript issue in Merchandise Online Store v.1.0 allows to injection of Stored XSS.
CVE-2021-36899 Reflected XSS vulnerability in the Asset CleanUp: Page Speed Booster plugin = 1.3.8.4 at WordPress.
CVE-2021-36913 An Injection vulnerability in the Qube One plugin for Contact Form 7 allows attackers to change options and inject scripts into the footer HTML.
CVE-2022-34427 Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries
CVE-2022-34431 Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability
CVE-2022-33978 Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress.
CVE-2022-34434 The Dell Cloud Mobility for Postgres database has an Improper Access Control vulnerability.
CVE-2022-32486 Dell BIOS contains an improper input validation vulnerability
CVE-2022-34432 Dell Hybrid Client below 1.8 version contains a gedit vulnerability
CVE-2022-34430 Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI
CVE-2022-34426 Dell Container Storage Modules 1.2 has an improper limitation of a pathname to a restricted directory which could lead to OS command injection.
CVE-2022-32492 Dell BIOS contains an improper input validation vulnerability
CVE-2022-41376 UI v4.4.0 to v4.5.0 contains an XSS vulnerability.
CVE-2022-38388 An IBM Navigator Mobile app could allow a local user to get sensitive information due to improper access control.
CVE-2022-3358 OpenSSL custom cipher can be created with the EVP_CIPHER_meth_new() function and function calls.
CVE-2022-39271 Traefik is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a vulnerability in Traefik's management of HTTP/2 connections.
CVE-2022-33747 Memory consumption for page tables is bounded by 2nd-level page tables.
CVE-2022-33746 The P2M pool backing second level address translation for guests may be of significant size, thus freeing may take more time than is reasonable.
CVE-2022-33748 An error handling path was added that neglected to pay attention to locking requirements.
CVE-2022-33749 XAPI can hit its file-limit unauthenticated client.
CVE-2022-41665 V3.10 has a vulnerability.
CVE-2022-40182 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-31765 Affected devices do not properly authorize the change password function of the web interface
CVE-2022-40177 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-31766 Vulnerabilities have been found in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, and SCALA END>
CVE-2022-36360 Vulnerability in LOGO! 8 BM (incl. SIPLUS variants) firmware updates checks authenticity.
CVE-2022-36362 Vulnerability in LOGO! 8 BM (All versions) that doesn't validate certain interactions.
CVE-2022-38371 An arbitrary file download vulnerability has been found in Nucleus NET, Nucleus ReadyStart V3, Nucleus Source Code.
CVE-2022-40147 V1.5.1 of Industrial Edge Management doesn't validate server certificates when initiating a TLS connection.
CVE-2022-36363 An offset value can be defined in TCP packets when calling a method, which is not properly validated in LOGO! 8 BM affected devices.
CVE-2022-36361 An exploit could be used to crash a device.
CVE-2022-37864 Vulnerability in Solid Edge. Application contains an out of bounds write past the heap-based buffer while parsing DWG files.
CVE-2022-40176 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-40178 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-40179 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-40180 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-40226 V3.10 has a vulnerability.
CVE-2022-40227 A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl
CVE-2022-40631 Vulnerability in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, and SCALANCE X202-2P IRT.
CVE-2022-41851 Vulnerabilities have been identified in JTTK, Simcenter Femap V2022.1, V2022.2.
CVE-2022-38465 Vulnerability in SIMATIC Drive Controller family (All versions  V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), and SIMATIC ET 200SP Open Controller CPU 1515SP PC2.
CVE-2022-40181 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-35289 A write-what-where condition in hermes caused by an integer overflow allows attackers to execute arbitrary code.
CVE-2022-40138 An integer conversion error in Hermes bytecode generation could have been used to perform Out-Of-Bounds operations and execute arbitrary code.
CVE-2022-32234 An out of bounds write in hermes handling large arrays allows attackers to execute arbitrary code.
CVE-2021-35226 An entity in NPM is misconfigured and is exposing the password field to SWIS.
CVE-2022-3433 The aeson library is not safe to use to consume untrusted JSON input
CVE-2021-25044
CVE-2022-20920 The vulnerability in SSH could allow an attacker to cause an affected device to reload.
CVE-2022-2554 The Enable Media Replace plugin before 4.0.0 doesn't ensure that renamed files are moved to the Upload folder, which could be vulnerable to a path traversal attack.
CVE-2022-2629 The Top Bar WordPress plugin before 3.0.4 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.
CVE-2022-2823 The MetaSlider WordPress plugin before 3.27.9 is vulnerable to Stored Cross-site Scripting attacks, which could be possible by admin users.
CVE-2022-20915 An IPv6 vulnerability in 6VPE with ZBFW could cause a DoS attack.
CVE-2022-20870 An vulnerability in egress MPLS packet processing of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
CVE-2022-20830 An unauthenticated, remote attacker could access the GUI of Cisco SD-AVC.
CVE-2022-20944 Vulnerability in Cisco IOS XE Software image verification could allow unauthenticated, physical attacker to execute unsigned code at system boot time.
CVE-2022-20864 ROMMON has a vulnerability that could allow an attacker to recover the configuration or reset the enable password.
CVE-2022-41748 The Trend Micro Apex One DLP module has a registry permissions vulnerability that could allow local attackers with administrative credentials to bypass anti-tampering mechanisms.
CVE-2022-20837 DNS ALG vulnerability could allow unauthenticated, remote attacker to cause affected device to reload.
CVE-2022-2448 The reSmush.it WordPress plugin before 0.4.6 has settings that could allow high-privilege users to perform Stored Cross-site Scripting attacks.
CVE-2022-2350 The Disable User Login plugin doesn't have any authorisation checks, allowing attackers to block or unblock users.
CVE-2022-3137 Taskbuilder before 1.0.8 doesn't validate and sanitize task's attachments, which could allow attackers to perform Stored Cross-site Scripting by attaching a malicious SVG file.
CVE-2022-3136 The Social Rocket plugin before 1.3.3 doesn't sanitize its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks.
CVE-2022-41749 An Apex One agent could be vulnerable to an origin validation error that allows a local attacker to escalate privileges.
CVE-2022-41744 An Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point.
CVE-2022-41746 An attacker with access to the console on an affected installation could escalate privileges and modify agent groupings.
CVE-2022-41747 An Apex One agent could be vulnerable to an DLL file loading vulnerability if it is not validated.
CVE-2022-3154 The Woo Billingo Plus and Integration for Billingo & Gravity Forms WordPress plugins before 4.4.5.4 and 1.0.4, respectively, lack CSRF checks in some AJAX actions.
CVE-2022-2891 The WP 2FA plugin 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.
CVE-2022-3220 The Advanced Comment Form WordPress plugin before 1.2.1 has unsafe settings that allow high privilege users to do CSRF attacks.
CVE-2022-41745 An OOB access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message that could cause memory corruption on a certain service process, leading to privilege escalation.
CVE-2022-3208 The before 4.4.12 version of the Simple File List plugin doesn't have nonce checks, which could be exploited in a CSRF attack.
CVE-2022-3207 The Before version of the Simple File List plugin has a security issue where high privilege users can do CSST.
CVE-2022-2981 The Download Monitor plugin before 4.5.98 doesn't check files to be downloaded are in the blog folders, allowing high-privilege users such as admins to download wp-config.php or /etc/passwd.
CVE-2022-36063 Azure RTOS USBx is a USB host, device and OTG embedded stack with Azure RTOS ThreadX support.
CVE-2022-3209 The id, datafilter, and others parameters in the penci_more_slist_post_ajax AJAX action are not sanitised, leading to a Reflected XSS vulnerability.
CVE-2022-34402 Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI
CVE-2022-39288 Fastify is a low overhead Node.js framework. Malicious use of the Content-Type header can be used to deny service.
CVE-2022-34425 Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH
CVE-2022-34334 The IBM Sterling Partner Engagement Manager 2.0 doesn't invalidate a logged out session which could allow an authotred user to impersonate another user.
CVE-2022-40248 An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4
CVE-2022-40257 An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4
CVE-2022-39292 An advanced client library for the Slack Web, Events, and Socket APIs. Debug logs show sensitive URLs for private webhooks.
CVE-2022-26121 Vulnerability in FortiAnalyzer and FortiManager GUI 7.0.0 - 7.0.3, 6.4.0 - 6.4.8, 6.2.0 - 6.2.9, 6.0.0 - 6.0.11, 5.6.0 - 5.6.11 may allow an unauthenticated and remote attack.
CVE-2022-3442 Crealogix EBICS 7.0 has a vulnerability that leads to cross site scripting.
CVE-2021-44171 In previous versions, special elements used in the os command could be manipulated to subvert the os command. This issue was fixed in the latest releases.
CVE-2022-3438 Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
CVE-2022-42725 The Warpinator through 1.2.14 allows access outside of an intended directory by using symbolic links.
CVE-2022-42724 Before 2.4.164, MISP allows attackers to find role names. This is information that only site admins should have.
CVE-2022-42011 D-Bus before 1.12.24, 1.13.x and 1.14.4, and 1.15.x before 1.15.2 has an issue.
CVE-2022-42012 D-Bus before 1.12.24, 1.13.x and 1.14.4, and 1.15.x before 1.15.2 has an issue.
CVE-2022-42010 D-Bus before 1.12.24, 1.13.x and 1.14.4, and 1.15.x before 1.15.2 has an issue.
CVE-2022-42703 The mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
CVE-2022-3436 An critical vulnerability was found in SourceCodester Web-Based Student Clearance System 1.0, an unknown functionality of the file edit-photo.php of the Photo Handler component.
CVE-2022-3434 A vulnerability was found in SourceCodester Web-Based Student Clearance System. The function 'prepare' can be manipulated to cause cross site scripting.
CVE-2022-3435 An issue has been found in the Linux Kernel's IPV4 handler that involves an out-of-bounds read.
CVE-2022-39281 Fat Free CRM's older versions had an authenticated user's remote Denial of Service attack via bucket access.
CVE-2022-36635 The ZKBioSecurity V5000 4.1.3 had a SQL injection vulnerability in /baseOpLog.do.
CVE-2022-39959 An unprivileged user can create a file named Everest.exe in the Programdata\Panini folder.
CVE-2022-41442 Cross-site scripting vulnerability in the setting controller in Uploader v2.6.3.
CVE-2022-31680 The vCenter Server has an unsafe deserialization vulnerability in the PSC.
CVE-2022-31681 VMware ESXi contains a null-pointer deference vulnerability
CVE-2022-39291 Affected versions of zoneminder are vulnerable to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder.
CVE-2022-39290 Zoneminder is a free, open source Closed-circuit television software application. In affected versions, users can bypass CSRF keys by modifying the request.
CVE-2022-39285 The file parameter is vulnerable to a XSS vulnerability by backing out of the current "tr" and "td" brackets.
CVE-2022-41574 An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows attackers to prevent backups from happening and send emails with arbitrary text content to the configured installation-administrator contact address.
CVE-2022-3275 Injecting malicious code in the puppetlabs-apt module before version 9.0.0 is possible if the actor is able to provide unsanitized input.
CVE-2022-3276 In earlier versions of the puppetlabs-mysql module, injection attacks are possible if malicious actors provide unsanitized input.
CVE-2022-39289 ZoneMinder is a free, open source Closed-circuit television software application
CVE-2022-26472 In ims, there is a possible escalation of privilege due to a parcel format mismatch. User interaction is not needed for exploitation.
CVE-2022-32590 An issue with wlan's status check could lead to local escalation of privilege with System execution privileges. User interaction is not needed for exploitation.
CVE-2022-26471 In telephony, a parcel format mismatch could lead to privilege escalation with no user interaction needed.
CVE-2022-26473 In vdec fmt, there is a use after free due to improper locking. This could lead to local escalation of privileges with System execution privileges.
CVE-2022-32592 dvfs in cpu could write out of bounds, which could lead to local escalation of privilege with System privileges needed. User interaction is not needed for exploitation.
CVE-2022-32589 Wi-Fi driver has a hidden bug that could lead to DoS with no user interaction needed.
CVE-2022-26452 In ISP, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges.
CVE-2022-26474 In sensorhub, there is a out of bounds write that could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2022-36634 An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to create admin users.
CVE-2022-26475 In wlan, an out of bounds write can lead to local escalation of privilege with System execution privileges. User interaction is not needed for exploitation.
CVE-2022-32593 In Vowe, there is a possible out of bounds write, which could lead to local escalation of privilege with System execution privileges. User interaction is not needed for exploitation.
CVE-2022-39287 Tiny-csrf is a Node.js CSRF protection middleware that encrypts cookies.
CVE-2022-41377 The App v1.0 was found to have a SQL injection vulnerability via the id parameter.
CVE-2022-42074 The v1.0 of GED Diagnostic Lab Management System is vulnerable to SQL Injection.
CVE-2022-42073 the lab management system is vulnerable to SQL injection via /diagnostic/editclient.php?id=
CVE-2022-41378 The App v1.0 had a SQL injection vulnerability at /pet_shop/admin/?page=inventory/manage_inventory.
CVE-2022-42075 Wedding Planner v1.0 is vulnerable to has arbitrary code execution.
CVE-2022-41392 TotalJS 8c2c8909 has a XSS vulnerability that allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-37895 An DoS vulnerability exists in Aruba's handling of certain SSID strings.
CVE-2022-37894 An DoS vulnerability exists in Aruba's handling of certain SSID strings.
CVE-2022-41379 An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code.
CVE-2022-37896 An exploit could allow a remote attacker to conduct a XSS attack on users of the interface.
CVE-2022-42092 Backdrop CMS has an Unrestricted File Upload vulnerability that allows attackers to Remote Code Execution.
CVE-2022-37891 Buffer overflows in the Aruba InstantOS and ArubaOS 10 web management interface.
CVE-2020-15855 Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.
CVE-2022-41512 An arbitrary file upload vulnerability in the /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code.
CVE-2022-41513 An SQL injection was found in the online diagnostic lab management system v1.0 via the id parameter.
CVE-2022-37885 Vulnerabilities in Aruba AP management protocols could lead to code execution. The PAPI UDP port is used for the attack.
CVE-2022-37886 Vulnerabilities in Aruba AP management protocols could lead to code execution. The PAPI UDP port is used for the attack.
CVE-2022-37887 Vulnerabilities in Aruba AP management protocols could lead to code execution. The PAPI UDP port is used for the attack.
CVE-2022-41514 The Open Source SACCO Management System v1.0 had a SQL injection vulnerability where users were able to delete loans.
CVE-2021-40166 Malicious Png files may be used to attempt to free an already freed object.
CVE-2022-41515 The Open Source SACCO Management System v1.0 had a SQL injection vulnerability with the id parameter.
CVE-2022-37889 Vulnerabilities in Aruba AP management protocols could lead to code execution. The PAPI UDP port is used for the attack.
CVE-2021-40163 An attack can exploit DLL memory corruption to execute arbitrary code.
CVE-2022-37890 Buffer overflows in the Aruba InstantOS and ArubaOS 10 web management interface.
CVE-2021-40162 Malicious TIF, PICT, TGA, or RLC files in the Autodesk Image Processing component may be read beyond allocated boundaries.
CVE-2022-37892 An vulnerability in Aruba InstantOS and ArubaOS 10 could allow an unauthenticated attacker to conduct a XSS attack.
CVE-2021-40164 A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files
CVE-2022-21936 ADX user could perform actions without a valid password when using MVE SMP UI.
CVE-2021-40165 Malicious TIFF, PICT, TGA, or RLC files may be used to write beyond the allocated buffer.
CVE-2022-41414 The default in Liferay Portal v7.0.0 through v7.4.2 is insecure, allowing attackers to enumerate usernames, site names, and pages.
CVE-2022-41291 IBM InfoSphere Information Server 11.7 doesn't invalidate sessions after logout which could allow an authenticated user to impersonate another user.
CVE-2022-22493 IBM WebSphere Automation for Cloud Pak is vulnerable to cross-site request forgery due to improper cookie attribute setting.
CVE-2022-30613 IBM QRadar SIEM 7.4 and 7.5 could leak sensitive information via a local service to a privileged user.
CVE-2022-22480 IBM QRadar SIEM 7.4 and 7.5 data node rebalancing doesn't work correctly with encrypted hosts, which could lead to information disclosure.
CVE-2022-34308 IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling
CVE-2022-36772 In IBM InfoSphere Information Server 11.7, users with admin/privileged access could access sensitive information.
CVE-2022-39875 Samsung Account has an improper component protection vulnerability that allows attackers to logout.
CVE-2022-39850 In mom_container_policy service, improper access control allows unauthorized read of configuration data.
CVE-2022-39873 In Samsung Internet prior to version 18.0.4.14, improper authorization vulnerability allows attackers to add bookmarks in secret mode.
CVE-2022-39877 An access control vulnerability in Group Sharing prior to version 13.0.6.15 allows attackers to identify the device.
CVE-2022-39854 IOMMU before SMR Oct-2022 Release 1 allows unauthorized access to secure memory.
CVE-2022-39849 Knox VPN policy service had improper access control, which allowed unauthorized read of configuration data.
CVE-2022-39848 In AT_Distributor prior to SMR Oct-2022 Release 1, exposure of sensitive information allows local attacker to access SerialNo.
CVE-2022-39852 The heap-based overflow in libagifencoder.quram in SMR Oct-2022 Release 1 allows attacker to execute code.
CVE-2022-39853 The perf-mgr driver has a use after free vulnerability. An attacker can cause a memory access fault.
CVE-2022-39862 In-app browser api was compromised in Dynamic Lockscreen prior to SMR Sep-2022 release.
CVE-2022-39855 FACM application has an access control vulnerability that allows a local attacker to connect arbitrary AP and Bluetooth devices.
CVE-2022-39858 An attack can write arbitrary files as the FactoryCamera privilege.
CVE-2022-39859 UPHelper library before 3.0.12 has an implicit intent hijacking vulnerability. An attacker can access sensitive information.
CVE-2022-39847 The set_nft_pid and signal_handler function of the NFC driver had an after free vulnerability that allows attackers to perform malicious actions.
CVE-2022-39861 Camera before 3.5.51 has an unprotected receiver that can be recorded by attackers.
CVE-2022-39870 An improper access control vulnerability in the cloud Notification Manager of SmartThings v1.7.89.0 allows attackers to access sensitive information.
CVE-2022-39864 In SmartThings WifiSetupLaunchHelper prior to version 1.7.89.25, attackers can access sensitive information if the app has an implicit intent.
CVE-2022-39871 In SmartThings before version 1.7.89.0, attackers can access sensitive information via implicit broadcasts.
CVE-2022-39865 In prior versions of SmartThings, attackers can access sensitive information via implicit broadcasts.
CVE-2022-39869 CloudNotificationManager allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.
CVE-2022-39868 In GedSamsungAccount.kt SmartThings prior to version 1.7.89.0, attackers can access sensitive information via implicit broadcast.
CVE-2022-39867 In SmartThings 1.7.89.0, attackers can access sensitive information via a SHOW_PERSISTENT_BANNER broadcast.
CVE-2022-39872 In earlier versions of ShareLive, improper restriction of broadcasting led to the MAC address of connected Bluetooth devices being leaked.
CVE-2022-39851 The CocktailBarService has an improper access control vulnerability that allows a local attacker to bind a service that requires the BIND_REMOTEVIEWS permission.
CVE-2022-33896 An overflow vulnerability exists in the way Hword of Hancom Office 2020 parses XML-based files.
CVE-2022-39866 In SmartThings before version 1.7.89.0, attackers can access sensitive information via implicit broadcasts.
CVE-2022-40835 B.C
CVE-2022-40832 B.C
CVE-2022-40830 B.C
CVE-2022-40872 An SQL injection issue was found in Sourcecodester Simple E-Learning System 1.0. in /vcs/classRoom.php?classCode=.
CVE-2022-40833 B.C
CVE-2022-40826 B.C
CVE-2022-40824 B.C
CVE-2022-3422 Account Takeover :: when see the info i can see the hash pass i can creaked it
CVE-2022-40829 B.C
CVE-2022-40834 B.C
CVE-2022-40827 B.C
CVE-2022-40825 B.C
CVE-2022-40828 B.C
CVE-2022-40831 B.C
CVE-2022-3423 Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0.
CVE-2022-41672 Before version 2.4.1, deactivating a user wouldn't stop an already authenticated user from using the UI or API.
CVE-2022-3414 The vulnerability is in the file /Admin/login.php of the component POST Parameter Handler. It is critical.
CVE-2022-2929 ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 could eventually cause a DHCP server to run out of memory if it sends fqdn labels longer than 63 bytes.
CVE-2022-2928 In ISC DHCP 4.4.0 to 4.4.3, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field.
CVE-2022-26236 Users with default privileges can overwrite and manipulate executables and libraries.
CVE-2022-26238 The default privileges of Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries.
CVE-2022-40494 NPS before v0.26.10 had an authentication bypass vulnerability that constantly generated and sent the Auth key and Timestamp parameters.
CVE-2022-39284 In earlier versions of CI, setting `$secure` or `$httponly` in `Config\Cookie` isn't reflected in `set_cookie()` or `Response::setCookie()`.
CVE-2022-39279 discourse-chat is a plugin for the Discourse message board which adds chat functionality
CVE-2022-27810 In dev-mode, if asserts are enabled, an infinite recursion condition is possible in the error handler.
CVE-2022-41528 An attacker exploited a stack overflow vulnerability in TOTOLINK NR1800X V9.1.0u.6279_B20210910 to send a malicious text message.
CVE-2022-41526 An attacker sent the malicious IP address to TOTOLINK and got a V9.1.0u.6279_B20210910 firmware with a stack overflow.
CVE-2022-41525 The totolink nr1800x v9.1.0u.6279_b20210910 contains a command injection vulnerability.
CVE-2022-41527 The TOTOLINK NR1800X V9.1.0u.6279_B20210910 had an authenticated stack overflow.
CVE-2022-41522 An unauthenticated stack overflow was found in TOTOLINK NR1800X V9.1.0u.6279_B20210910.
CVE-2022-41524 An overflow was discovered in TOTOLINK NR1800X V9.1.0u.6279_B20210910 that involves the week, sTime, and eTime parameters in the setParentalRules function.
CVE-2022-41523 TOTOLINK NR1800X V9.1.0u.6279_B20210910 had an authenticated stack overflow due to the command parameter in the setTracerouteCfg function.
CVE-2022-42242 The Cold Storage Management System v1.0 is vulnerable to SQL injection.
CVE-2022-42243 The Cold Storage Management System v1.0 is vulnerable to SQL injection.
CVE-2022-42249 The Cold Storage Management System v1.0 is vulnerable to SQL injection. a>/csms/admin/storages/view_storage.php?id=/a>
CVE-2022-42457 Generex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh.
CVE-2022-42250 The Cold Storage Management System v1.0 is vulnerable to SQL injection.
CVE-2022-41556 Lighttpd has a resource leak that could lead to a DoS if a lot of clients use the resource to send lots of data.
CVE-2022-41853 Using Statement or PreparedStatement in hsqldb may be vulnerable to remote code execution.
CVE-2022-41521 TOTOLINK NR1800X V9.1.0u.6279_B20210910 had an authenticated stack overflow.
CVE-2022-42241 The system is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message.
CVE-2022-41852 JXPath may be vulnerable to a remote code execution attack when using functions that process XPath strings. Compile() and compilePath() are safe.
CVE-2022-40895 An unauthenticated, remote attacker could exploit a vulnerability in Nedi products to affect the integrity of a device.
CVE-2022-3389 Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.
CVE-2022-39273 The control plane for the data processing platform Flyte is FlyteAdmin. Users who enable the default Flyte's authorization server are exposed to the public internet.
CVE-2022-39274 LoRaMac-node is a reference implementation of a LoRa network node. Earlier versions are vulnerable to a buffer overflow.
CVE-2022-39275 Saleor is a GraphQL platform that was affected by a vulnerability that allowed access to data that should only be accessible to the user who is authenticated.
CVE-2022-3002 XSS stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-40160 JXPath is vulnerable to DOS attacks if the parser is running on user supplied input.
CVE-2022-40159 JXPath is vulnerable to DOS attacks if the parser is running on user supplied input.
CVE-2022-39988 An XSS vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML.
CVE-2022-40161 JXPath is vulnerable to DOS attacks if the parser is running on user supplied input.
CVE-2022-32171 Zinc versions v0.1.9 - v0.3.1 are vulnerable to Stored XSS when using the delete user functionality.
CVE-2022-40158 JXPath is vulnerable to DOS attacks if the parser is running on user supplied input.
CVE-2022-39222 Dex is an identity service that uses OpenID Connect to drive authentication for other apps
CVE-2022-39265 MyBB is a free and open source forum software
CVE-2022-31252 SUSE Linux Enterprise Server 12-SP5 chkstat has an incorrect authorization vulnerability, which did not consider group writable path components. Local attackers with access to a group wi [END]
CVE-2022-31008 RabbitMQ is a messaging and streaming broker that uses federation and shovel plugins to obfuscate URI keys. The key used to encrypt the URI was seeded with a predictable secret.
CVE-2022-32172 In versions v0.1.9 through v0.3.1 of Zinc, users are vulnerable to Stored XSS when using the delete template functionality.
CVE-2022-3376 Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
CVE-2022-3273 Allocation of resources in GitHub repository ikus060/rdiffweb prior to 2.5.0a4 was not limited or throttled.
CVE-2022-3396 Vulnerability in CX-Programmer 9.78 and prior may allow attacker to execute arbitrary code.