adobe — animate |
Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38412
MISC |
adobe — animate |
Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38411
MISC |
adobe — experience_manager |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. |
2022-09-16 |
not yet calculated |
CVE-2022-30678
MISC |
adobe — experience_manager |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. |
2022-09-16 |
not yet calculated |
CVE-2022-30680
MISC |
adobe — experience_manager |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. |
2022-09-16 |
not yet calculated |
CVE-2022-30681
MISC |
adobe — experience_manager |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. |
2022-09-16 |
not yet calculated |
CVE-2022-30682
MISC |
adobe — experience_manager |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a Violation of Secure Design Principles vulnerability that could lead to a bypass of the security feature of the encryption mechanism in the backend. An attacker could leverage this vulnerability to decrypt secrets; however, this is a high-complexity attack, as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM. |
2022-09-16 |
not yet calculated |
CVE-2022-30683
MISC |
adobe — experience_manager |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. |
2022-09-16 |
not yet calculated |
CVE-2022-30684
MISC |
adobe — experience_manager |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. |
2022-09-16 |
not yet calculated |
CVE-2022-30685
MISC |
adobe — experience_manager |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. |
2022-09-16 |
not yet calculated |
CVE-2022-30677
MISC |
adobe — experience_manager |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. |
2022-09-16 |
not yet calculated |
CVE-2022-30686
MISC |
adobe — experience_manager |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. |
2022-09-16 |
not yet calculated |
CVE-2022-34218
MISC |
adobe — illustrator |
Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38410
MISC |
adobe — illustrator |
Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38408
MISC |
adobe — illustrator |
Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38409
MISC |
adobe — incopy |
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38402
MISC |
adobe — incopy |
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38403
MISC |
adobe — incopy |
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38404
MISC |
adobe — incopy |
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38405
MISC |
adobe — incopy |
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38406
MISC |
adobe — incopy |
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38407
MISC |
adobe — incopy |
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38401
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-28854
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-28852
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-28853
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38413
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38414
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38415
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38417
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-30676
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-30671
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-28856
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-28857
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-30675
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-30674
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-28855
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-30673
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-30672
MISC |
adobe — indesign |
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38416
MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38431
MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38430
MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-35713
MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38432
MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38433
MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38434
MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38427
MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38429
MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38428
MISC |
adobe — photoshop |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
2022-09-16 |
not yet calculated |
CVE-2022-38426
MISC |
adobe — experience_manager |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM. |
2022-09-16 |
not yet calculated |
CVE-2022-35664
MISC |
adtran — sr510n |
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature. |
2022-09-14 |
not yet calculated |
CVE-2022-37661
MISC
MISC
MISC |
aenrich — a+hrd |
aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x. |
2022-09-09 |
not yet calculated |
CVE-2022-28741
MISC
MISC |
aenrich — ehrd_learning_management_key_performance_indicator_system |
aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor. |
2022-09-09 |
not yet calculated |
CVE-2022-28740
MISC
MISC |
aenrich — ehrd_learning_management_key_performance_indicator_system |
aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate the user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application. |
2022-09-09 |
not yet calculated |
CVE-2022-28742
MISC
MISC |
aerocms — aerocms |
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
2022-09-13 |
not yet calculated |
CVE-2022-38305
MISC |
airties — wifi_extender |
An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference. |
2022-09-15 |
not yet calculated |
CVE-2022-38789
MISC
MISC |
aivhub — active_intelligence_visualization |
An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection. |
2022-09-09 |
not yet calculated |
CVE-2021-44835
MISC
MISC |
amanda — amanda |
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path. |
2022-09-13 |
not yet calculated |
CVE-2022-37703
MISC
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17844. |
2022-09-15 |
not yet calculated |
CVE-2022-40651
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18351. |
2022-09-15 |
not yet calculated |
CVE-2022-40654
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17541. |
2022-09-15 |
not yet calculated |
CVE-2022-40646
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17308. |
2022-09-15 |
not yet calculated |
CVE-2022-40640
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563. |
2022-09-15 |
not yet calculated |
CVE-2022-40648
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17540. |
2022-09-15 |
not yet calculated |
CVE-2022-40645
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17407. |
2022-09-15 |
not yet calculated |
CVE-2022-40643
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17838. |
2022-09-15 |
not yet calculated |
CVE-2022-40650
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17565. |
2022-09-15 |
not yet calculated |
CVE-2022-40649
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17558. |
2022-09-15 |
not yet calculated |
CVE-2022-40647
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17045. |
2022-09-15 |
not yet calculated |
CVE-2022-40637
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17317. |
2022-09-15 |
not yet calculated |
CVE-2022-40641
MISC |
ansys_spaceclaim — ansys_spaceclaim |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18349. |
2022-09-15 |
not yet calculated |
CVE-2022-40653
MISC |
ansys_spaceclaim — ansys_spaceclaim
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17408. |
2022-09-15 |
not yet calculated |
CVE-2022-40644
MISC |
ansys_spaceclaim — ansys_spaceclaim
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17102. |
2022-09-15 |
not yet calculated |
CVE-2022-40638
MISC |
ansys_spaceclaim — ansys_spaceclaim
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17318. |
2022-09-15 |
not yet calculated |
CVE-2022-40642
MISC |
ansys_spaceclaim — ansys_spaceclaim
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17207. |
2022-09-15 |
not yet calculated |
CVE-2022-40639
MISC |
ansys_spaceclaim — ansys_spaceclaim
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17846. |
2022-09-15 |
not yet calculated |
CVE-2022-40652
MISC |
ansys_spaceclaim — ansys_spaceclaim
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17044. |
2022-09-15 |
not yet calculated |
CVE-2022-40636
MISC |
anydesk — anydesk |
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim’s local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim. |
2022-09-12 |
not yet calculated |
CVE-2021-44426
MISC
MISC |
anydesk — anydesk |
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the AnyDesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine’s AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port). |
2022-09-12 |
not yet calculated |
CVE-2021-44425
MISC
MISC |
apache — calcite |
In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators. |
2022-09-11 |
not yet calculated |
CVE-2022-39135
MISC |
appsmith — appsmith |
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. |
2022-09-12 |
not yet calculated |
CVE-2022-38299
MISC |
appsmith — appsmith |
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. |
2022-09-12 |
not yet calculated |
CVE-2022-38298
MISC |
appwrite — appwrite |
Cross-site Scripting (XSS) – Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1. |
2022-09-09 |
not yet calculated |
CVE-2022-2925
CONFIRM
MISC |
archery — archery |
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. |
2022-09-13 |
not yet calculated |
CVE-2022-38540
MISC |
archery — archery |
Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. |
2022-09-13 |
not yet calculated |
CVE-2022-38541
MISC |
archery — archery |
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. |
2022-09-13 |
not yet calculated |
CVE-2022-38542
MISC |
archery — archery |
Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface. |
2022-09-13 |
not yet calculated |
CVE-2022-38537
MISC |
archery — archery |
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module. |
2022-09-13 |
not yet calculated |
CVE-2022-38538
MISC |
archery — archery |
Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. |
2022-09-13 |
not yet calculated |
CVE-2022-38539
MISC |
ark_web — moveable_type_plugin_a-form |
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script. |
2022-09-12 |
not yet calculated |
CVE-2022-38972
MISC
MISC
MISC |
arq_backup — arq_backup |
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords. |
2022-09-09 |
not yet calculated |
CVE-2022-36617
MISC
MISC |
assura — northstar_club_management |
There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database, which contains critical data for organizations that make full use of the software suite. |
2022-09-16 |
not yet calculated |
CVE-2022-26959
MISC
MISC |
atlassian — jira
|
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI. |
2022-09-17 |
not yet calculated |
CVE-2022-39960
MISC
CONFIRM |
avdor_cis — crystal_quality |
Avdor CIS – crystal quality Credentials Management Errors. The product is a phone call recorder; all the recorded calls can be heard without authenticating to the system. An attacker sends a crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number (number – ID of the recorded number). |
2022-09-13 |
not yet calculated |
CVE-2022-36780
MISC |
axiomic_systems — bento4 |
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, called from AP4_EsDescriptor::WriteFields and AP4_Expandable::Write. |
2022-09-15 |
not yet calculated |
CVE-2022-40738
MISC |
axiomic_systems — bento4
|
An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp. |
2022-09-15 |
not yet calculated |
CVE-2022-40736
MISC |
axiomic_systems — bento4
|
An issue was discovered in Bento4 through 1.6.0-639. A buffer over-read exists in the function AP4_StdcFileByteStream::WritePartial located in System/StdC/Ap4StdCFileByteStream.cpp, called from AP4_ByteStream::Write and AP4_HdlrAtom::WriteFields. |
2022-09-15 |
not yet calculated |
CVE-2022-40737
MISC |
axum-core — axum-core |
<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors, which used Bytes::from_request internally: axum::extract::Form, axum::extract::Json, and String. |
2022-09-14 |
not yet calculated |
CVE-2022-3212
CONFIRM
CONFIRM |
baxter — spectrum_wireless_battery_module |
The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. An attacker with physical access to a device that hasn’t had all data and settings erased may be able to extract sensitive information. |
2022-09-09 |
not yet calculated |
CVE-2022-26390
MISC
MISC |
baxter — spectrum_wireless_battery_module |
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail. |
2022-09-09 |
not yet calculated |
CVE-2022-26394
MISC
MISC |
baxter — spectrum_wireless_battery_module |
The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM. |
2022-09-09 |
not yet calculated |
CVE-2022-26393
MISC
MISC |
baxter — spectrum_wireless_battery_module |
The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information. |
2022-09-09 |
not yet calculated |
CVE-2022-26392
MISC
MISC |
bolt_cms — bolt_cms |
Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution. |
2022-09-16 |
not yet calculated |
CVE-2022-36532
MISC
MISC |
bpc_banking_technologies — smartvista_cardgen |
A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system. |
2022-09-09 |
not yet calculated |
CVE-2022-38613
MISC
MISC
MISC |
bpc_banking_technologies — smartvista_front-end |
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf. |
2022-09-09 |
not yet calculated |
CVE-2022-38615
MISC
MISC
MISC |
bpc_banking_technologies — smartvista_front-end |
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf. |
2022-09-13 |
not yet calculated |
CVE-2022-38616
MISC
MISC
MISC |
bpc_banking_technologies — smartvista_cardgen |
An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter. |
2022-09-09 |
not yet calculated |
CVE-2022-38614
MISC
MISC
MISC |
budibase — budibase |
Improper Access Control in GitHub repository budibase/budibase prior to 1.3.20. |
2022-09-16 |
not yet calculated |
CVE-2022-3225
MISC
CONFIRM |
buildah — buildah |
Incorrect handling of supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container. |
2022-09-13 |
not yet calculated |
CVE-2022-2990
MISC
MISC |
cargo — cargo |
Cargo is a package manager for the Rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes “ok” to the .cargo-ok file at the root of the extracted source code once it has extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write “ok” into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder-to-track-down way. Your dependencies must still be trusted if you want to be protected from attacks, as it’s possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. Mitigations: We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. 
crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well. |
2022-09-14 |
not yet calculated |
CVE-2022-36113
MISC
CONFIRM |
cargo — cargo
|
Cargo is a package manager for the Rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a “zip bomb”), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder-to-track-down way. Your dependencies must still be trusted if you want to be protected from attacks, as it’s possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here. |
2022-09-14 |
not yet calculated |
CVE-2022-36114
CONFIRM
MISC |
casdoor — casdoor |
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. |
2022-09-09 |
not yet calculated |
CVE-2022-38638
MISC |
chromium — microsoft_edge |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. |
2022-09-13 |
not yet calculated |
CVE-2022-38012
MISC |
church_management_system — church_management_system |
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php. |
2022-09-12 |
not yet calculated |
CVE-2022-38605
MISC |
church_management_system — church_management_system |
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php. |
2022-09-15 |
not yet calculated |
CVE-2022-38594
MISC |
church_management_system — church_management_system |
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php. |
2022-09-15 |
not yet calculated |
CVE-2022-38595
MISC |
cmark-gfm — cmark-gfm
|
cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm’s autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will exhaust resources on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension. |
2022-09-15 |
not yet calculated |
CVE-2022-39209
CONFIRM
MISC
MISC |
contec_health — cms8000_contec_icu_ccu_vital_signs_patient_monitor |
The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters, so that when the device attempts to connect to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information. |
2022-09-13 |
not yet calculated |
CVE-2022-3027
MISC |
contechealth — cms8000 |
Multiple globally default credentials exist across all CMS8000 devices that, once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged credential access enables the extraction of sensitive patient information or modification of device parameters. |
2022-09-13 |
not yet calculated |
CVE-2022-38069
MISC |
contechealth — cms8000 |
The CMS8000 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CMS8000 devices connected to the same network. |
2022-09-13 |
not yet calculated |
CVE-2022-38100
MISC |
contechealth — cms8000 |
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device. |
2022-09-13 |
not yet calculated |
CVE-2022-36385
MISC |
contechealth — cms8000 |
Multiple binary application files on the CMS8000 device are compiled with ‘not stripped’ and ‘debug_info’ compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities. |
2022-09-13 |
not yet calculated |
CVE-2022-38453
MISC |
craft_cms — craft_cms |
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. |
2022-09-16 |
not yet calculated |
CVE-2022-37251
MISC
MISC |
craft_cms — craft_cms |
Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page. |
2022-09-16 |
not yet calculated |
CVE-2022-37247
MISC
MISC |
craft_cms — craft_cms |
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. |
2022-09-16 |
not yet calculated |
CVE-2022-37250
MISC
MISC |
craft_cms — craft_cms |
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. |
2022-09-16 |
not yet calculated |
CVE-2022-37248
MISC
MISC |
crafter_cms — crafter_cms |
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI. |
2022-09-13 |
not yet calculated |
CVE-2022-40634
MISC |
crafter_cms — crafter_cms |
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. |
2022-09-13 |
not yet calculated |
CVE-2022-40635
MISC |
crestron — airmedia |
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation. |
2022-09-13 |
not yet calculated |
CVE-2022-34100
MISC
MISC |
crestron — airmedia |
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt. |
2022-09-13 |
not yet calculated |
CVE-2022-34102
MISC
MISC |
crestron — airmedia |
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and perform a privilege escalation attack. |
2022-09-13 |
not yet calculated |
CVE-2022-34101
MISC
MISC |
crushftp — crushftp |
An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting (XSS). The payload can be executed in multiple scenarios, for example when the user’s page appears in the Most Visited section of the page. |
2022-09-15 |
not yet calculated |
CVE-2021-44076
MISC
MISC |
cuppa_cms — cuppa_cms |
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. |
2022-09-12 |
not yet calculated |
CVE-2022-38296
MISC |
cuppa_cms — cuppa_cms |
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. |
2022-09-12 |
not yet calculated |
CVE-2022-38295
MISC |
cuppa_cms — cuppa_cms |
The component “cuppa/api/index.php” of CuppaCMS v1.0 is vulnerable to LFI. An authenticated user can read system files via a crafted POST request using the [function] parameter value as the LFI payload. |
2022-09-13 |
not yet calculated |
CVE-2022-37191
MISC
MISC |
cuppa_cms — cuppa_cms |
CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from “/api/index.php”. |
2022-09-13 |
not yet calculated |
CVE-2022-37190
MISC
MISC |
dell — dell_bios |
Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system. |
2022-09-12 |
not yet calculated |
CVE-2022-31226
MISC |
dell — dell_bios |
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. |
2022-09-12 |
not yet calculated |
CVE-2022-31225
MISC |
dell — dell_bios |
Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system. |
2022-09-12 |
not yet calculated |
CVE-2022-31224
MISC |
dell — dell_bios |
Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system. |
2022-09-12 |
not yet calculated |
CVE-2022-31223
MISC |
dell — dell_bios |
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. |
2022-09-12 |
not yet calculated |
CVE-2022-31220
MISC |
dell — dell_bios |
Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash. |
2022-09-12 |
not yet calculated |
CVE-2022-31222
MISC |
dell — dell_bios |
Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to access sensitive state information on the system. |
2022-09-12 |
not yet calculated |
CVE-2022-31221
MISC |
delta_industrial_automation — diaenergy |
Delta Industrial Automation’s DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Version 1.8.0 and prior have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. |
2022-09-16 |
not yet calculated |
CVE-2022-3214
MISC |
devolutions — remote_desktop_manager |
Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions. |
2022-09-13 |
not yet calculated |
CVE-2022-3182
MISC |
diffplug — com.diffplug.gradle:goomph |
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve remote code execution on a target system by exploiting this vulnerability. **Note:** This could have allowed a malicious zip file to extract itself into an arbitrary directory. The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at eclipse.org, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious. |
2022-09-11 |
not yet calculated |
CVE-2022-26049
MISC
MISC
MISC |
doufox — doufox
|
Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
2022-09-16 |
not yet calculated |
CVE-2022-38621
MISC |
drawio — drawio |
OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0. |
2022-09-09 |
not yet calculated |
CVE-2022-3133
MISC
CONFIRM |
drawio — drawio |
Cross-site Scripting (XSS) – Stored in GitHub repository jgraph/drawio prior to 20.3.1. |
2022-09-16 |
not yet calculated |
CVE-2022-3223
MISC
CONFIRM |
eci — printanista_hub |
The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) through 2022-06-27 performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly. |
2022-09-15 |
not yet calculated |
CVE-2022-40306
MISC
MISC |
emakin — 6kare_emakin |
6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page. |
2022-09-16 |
not yet calculated |
CVE-2020-25491
MISC |
espocrm — espocrm |
CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system. |
2022-09-16 |
not yet calculated |
CVE-2022-38844
MISC |
espocrm — espocrm |
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim's browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScript in the browser. |
2022-09-16 |
not yet calculated |
CVE-2022-38845
MISC |
espocrm — espocrm |
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload malicious files with any extension to the server. An attacker may execute these malicious files to run unintended code on the server to compromise the server. |
2022-09-16 |
not yet calculated |
CVE-2022-38843
MISC |
espocrm — espocrm |
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack. |
2022-09-16 |
not yet calculated |
CVE-2022-38846
MISC |
event_management_system — event_management_system |
Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
2022-09-15 |
not yet calculated |
CVE-2022-38323
MISC |
feehi — feehi_cms |
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails. |
2022-09-14 |
not yet calculated |
CVE-2022-38796
MISC |
fiberhome — an5506-02-b |
A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field. |
2022-09-15 |
not yet calculated |
CVE-2022-38814
MISC |
forcepoint — multiple_products |
Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022. |
2022-09-12 |
not yet calculated |
CVE-2022-1700
MISC |
fortinet — fortisoar |
An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests. |
2022-09-09 |
not yet calculated |
CVE-2022-29061
CONFIRM |
freshworks — freshservice_agent |
FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0 are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service. |
2022-09-12 |
not yet calculated |
CVE-2022-36174
MISC
MISC |
freshworks — freshservice_probe |
FreshService macOS Agent < 4.4.0 and FreshService Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service. |
2022-09-12 |
not yet calculated |
CVE-2022-36173
MISC
MISC |
garage_management_system — garage_management_system |
Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist in the parameters used when creating or editing parts. With an XSS payload, the stored XSS is triggered and can be used as a further attack vector. |
2022-09-14 |
not yet calculated |
CVE-2022-36668
MISC
MISC |
garage_management_system — garage_management_system |
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php. |
2022-09-12 |
not yet calculated |
CVE-2022-38606
MISC |
garage_management_system — garage_management_system |
Garage Management System 1.0 is vulnerable to Remote Code Execution (RCE) due to the lack of filtering in the file upload function. The vulnerability exists when adding parts: through the upload function, an attacker can upload a PHP reverse shell to gain RCE. |
2022-09-14 |
not yet calculated |
CVE-2022-36667
MISC
MISC |
garage_management_system — garage_management_system |
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php. |
2022-09-12 |
not yet calculated |
CVE-2022-38610
MISC |
garage_management_system — garage_management_system |
Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. |
2022-09-16 |
not yet calculated |
CVE-2022-38877
MISC |
genesys_pureconnect — interaction_web_tools_chat_service |
Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26-September-2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. |
2022-09-16 |
not yet calculated |
CVE-2022-37775
MISC
MISC
MISC |
genymobile — genymotion_desktop |
Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary. |
2022-09-13 |
not yet calculated |
CVE-2022-38633
MISC |
ghas-to-csv — ghas-to-csv |
some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue. |
2022-09-17 |
not yet calculated |
CVE-2022-39217
MISC
CONFIRM |
glpi — glpi |
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users are advised to upgrade to version 10.0.3 to resolve this issue. Users unable to upgrade should disable global search. |
2022-09-14 |
not yet calculated |
CVE-2022-31187
CONFIRM
MISC |
glpi — glpi |
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Information associated with a registration key is not properly escaped in the registration key configuration page. It can be used to steal a GLPI administrator cookie. Users are advised to upgrade to 10.0.3. There are no known workarounds for this issue. Workarounds: Do not use a registration key created by an untrusted person. |
2022-09-14 |
not yet calculated |
CVE-2022-35945
MISC
CONFIRM |
glpi — glpi |
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration. |
2022-09-14 |
not yet calculated |
CVE-2022-35947
MISC
CONFIRM |
glpi — glpi |
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used to access low-level API of Plugin class. An attacker can, for instance, alter database data. Attacker must have “General setup” update rights to be able to perform this attack. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should remove the `front/plugin.form.php` script. |
2022-09-14 |
not yet calculated |
CVE-2022-35946
MISC
CONFIRM |
glpi — glpi |
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to an SSRF exploit. Server-side requests can be used to scan server ports or services opened on the GLPI server or its private network. Query responses are not exposed to the end user (blind SSRF). Users are advised to upgrade to version 10.0.3 to resolve this issue. There are no known workarounds. |
2022-09-14 |
not yet calculated |
CVE-2022-36112
CONFIRM
MISC |
glpi — glpi |
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. It was found that in affected versions there is an exposure of private information defined in setup of GLPI (like smtp or cas hosts). Note that passwords are not exposed. Users are advised to upgrade to version 10.0.3. There are no known workarounds for this issue. |
2022-09-14 |
not yet calculated |
CVE-2022-31143
MISC
CONFIRM |
go — go-cvss |
go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). In affected versions when a full CVSS v2.0 vector string is parsed using `ParseVector`, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag `v0.4.0`, by the commit `d9d478ff0c13b8b09ace030db9262f3c2fe031f4`. Users are advised to upgrade. Users unable to upgrade may avoid this issue by parsing only CVSS v2.0 vector strings that do not have all attributes defined (e.g. `AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M`). As stated in [SECURITY.md](https://github.com/pandatix/go-cvss/blob/master/SECURITY.md), the CPE v2.3 to refer to this Go module is `cpe:2.3:a:pandatix:go_cvss:*:*:*:*:*:*:*:*`. The entry has already been requested to the NVD CPE dictionary. |
2022-09-15 |
not yet calculated |
CVE-2022-39213
MISC
MISC
CONFIRM |
gocron — gocron |
Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue. |
2022-09-14 |
not yet calculated |
CVE-2022-40365
MISC
MISC |
google — android |
In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-238916921 |
2022-09-13 |
not yet calculated |
CVE-2021-0943
MISC |
google — android |
In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-238918403 |
2022-09-13 |
not yet calculated |
CVE-2021-0697
MISC |
google — android |
In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. |
2022-09-09 |
not yet calculated |
CVE-2022-39119
MISC |
google — android |
Summary: Product: Android. Versions: Android SoC. Android ID: A-238257002 |
2022-09-13 |
not yet calculated |
CVE-2022-20390
MISC |
google — android |
Summary: Product: Android. Versions: Android SoC. Android ID: A-238227328 |
2022-09-13 |
not yet calculated |
CVE-2022-20386
MISC |
google — android |
A function called ‘nla_parse’ does not check the length of the parameter; it checks nla_type (which can be controlled by userspace) against ‘maxtype’ (in this case, GSCAN_MAX), then accesses the policy array ‘policy[type]’, where an OOB access happens. Product: Android. Versions: Android SoC. Android ID: A-238379819 |
2022-09-13 |
not yet calculated |
CVE-2022-20385
MISC |
google — android |
In sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-233606615. References: N/A |
2022-09-14 |
not yet calculated |
CVE-2022-20364
MISC |
google — android |
In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-211485702. References: N/A |
2022-09-14 |
not yet calculated |
CVE-2022-20231
MISC |
google — android |
In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-238921253 |
2022-09-13 |
not yet calculated |
CVE-2021-0871
MISC |
google — android |
The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression: `sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]);` With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct I think it seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel. Product: Android. Versions: Android SoC. Android ID: A-238904312 |
2022-09-13 |
not yet calculated |
CVE-2021-0942
MISC |
google — android |
In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-221859734 |
2022-09-13 |
not yet calculated |
CVE-2022-20398
MISC |
google — android |
In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L Android-13. Android ID: A-234440688 |
2022-09-13 |
not yet calculated |
CVE-2022-20396
MISC |
google — android |
In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-233735886 |
2022-09-13 |
not yet calculated |
CVE-2022-20393
MISC |
google — android |
In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-213323615 |
2022-09-13 |
not yet calculated |
CVE-2022-20392
MISC |
google — android |
Summary: Product: Android. Versions: Android SoC. Android ID: A-238227323 |
2022-09-13 |
not yet calculated |
CVE-2022-20388
MISC |
google — android |
In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-221855295 |
2022-09-13 |
not yet calculated |
CVE-2022-20395
MISC |
google — android |
Summary: Product: Android. Versions: Android SoC. Android ID: A-238227324 |
2022-09-13 |
not yet calculated |
CVE-2022-20387
MISC |
google — android |
Summary: Product: Android. Versions: Android SoC. Android ID: A-238257000 |
2022-09-13 |
not yet calculated |
CVE-2022-20391
MISC |
google — android |
Summary: Product: Android. Versions: Android SoC. Android ID: A-238257004 |
2022-09-13 |
not yet calculated |
CVE-2022-20389
MISC |
google — android |
In the SEPolicy configuration of system apps, there is a possible access to the ‘ip’ utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-219808546. References: Upstream kernel |
2022-09-13 |
not yet calculated |
CVE-2022-20399
MISC |
google — android |
Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue. |
2022-09-17 |
not yet calculated |
CVE-2022-39210
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input `min` or `max` of rank other than 1, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35990
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36002
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36003
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36005
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36001
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36011
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with more than one dimension, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c8ba76d48567aed347508e0552a257641931024d. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35998
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36013
MISC
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36017
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35999
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36014
MISC
MISC
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36015
CONFIRM
MISC
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is not a scalar, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35997
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36000
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35996
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits` input tensor, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36026
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35971
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35979
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35974
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has been patched in GitHub commit 595a65a3e224a0362d7e68c2213acfc2b499a196. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35937
MISC
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for `min_a`, `max_a`, `min_b`, or `max_b`, it gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35973
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35972
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. This issue has been patched in GitHub commit 4142e47e9e31db481781b955ed3ff807a781b494. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35938
MISC
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in GitHub commit c65c67f88ad770662e8f191269a907bf2b94b1bf. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35935
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35983
CONFIRM
MISC |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35988
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` with dimensions greater than its input tensor `input`, the GPU kernel gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 32d7bd3defd134f21a4e344c8dfd40099aaf6b18. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35989
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36004
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36019
MISC
CONFIRM |
google — tensorflow |
TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35934
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 50156d547b9a1da0144d7babe665cf690305b33c. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35969
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36027
MISC
CONFIRM
MISC |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35963
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35982
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35981
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with more than one element, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35995
CONFIRM
MISC |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35964
CONFIRM
MISC |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35968
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35967
CONFIRM
MISC |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35966
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36012
CONFIRM
MISC
MISC |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35970
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35993
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives a scalar input `input`, it gives a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35994
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35984
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a rank greater than one, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35992
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times the number of elements as indicated in its `batch_index.dim_size(0)`. An incorrect `batch_index` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 5f945fc6409a3c1e90d6970c9292f805f6e6ddf2. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35952
MISC
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds to this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35941
MISC
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an `InvalidArgument` but also throws an abort signal that crashes the program. We have patched the issue in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35940
CONFIRM
MISC
MISC |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35985
CONFIRM
MISC |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` list that contains tensors of ranks other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36018
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-36016
MISC
CONFIRM
MISC |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35959
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty `sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35965
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc`'s `TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ` in `CheckIsAlignedAndSingleElement`. We have patched the issue in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35960
CONFIRM
MISC
MISC |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have patched the issue in GitHub commit b4d4b4cb019bd7240a52daa4ba61e3cc814f0384. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35939
MISC
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive an `element_shape` of a rank greater than one, they give a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35991
MISC
CONFIRM |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35987
CONFIRM
MISC |
google — tensorflow
|
TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. |
2022-09-16 |
not yet calculated |
CVE-2022-35986
MISC
CONFIRM |
gophish — gophish |
This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the `next` query parameter. The application uses `url.Parse(r.FormValue("next"))` to extract the path and eventually redirect the user to a relative URL, but if the `next` parameter starts with multiple backslashes like `\\\example.com`, the browser will redirect the user to http://example.com. |
2022-09-11 |
not yet calculated |
CVE-2022-25295
MISC
MISC |
go — go |
`JoinPath` and `URL.JoinPath` do not remove `../` path elements appended to a relative path. For example, `JoinPath("https://go.dev", "../go")` returns the URL "https://go.dev/../go", despite the `JoinPath` documentation stating that `../` path elements are removed from the result. |
2022-09-13 |
not yet calculated |
CVE-2022-32190
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORA |
gpac — gpac |
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. |
2022-09-15 |
not yet calculated |
CVE-2022-3222
CONFIRM
MISC |
gpac — gpac |
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. |
2022-09-12 |
not yet calculated |
CVE-2022-3178
MISC
CONFIRM |
graphql-java — graphql-java |
graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4. |
2022-09-12 |
not yet calculated |
CVE-2022-37734
MISC
MISC
CONFIRM
CONFIRM |
gravitl — netmaker |
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1. |
2022-09-09 |
not yet calculated |
CVE-2022-36110
CONFIRM
MISC |
hangzhou_ezviz_network — ezviz_cs-c6n-a0-1c2wfr
|
Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. |
2022-09-15 |
not yet calculated |
CVE-2022-2472
MISC |
hangzhou_ezviz_network — ezviz_motion_detection |
Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723. |
2022-09-15 |
not yet calculated |
CVE-2022-2471
MISC |
hcl — hcl_traveler |
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). |
2022-09-15 |
not yet calculated |
CVE-2022-27561
MISC |
hitachi_energy — microscada_x_sys600 |
An Improper Input Validation vulnerability in the Hitachi Energy MicroSCADA X SYS600’s ICCP stack during ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is requested to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* |
2022-09-14 |
not yet calculated |
CVE-2022-2277
CONFIRM |
hitachi_energy — microscada_x_sys600 |
Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped; however, the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions; Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* |
2022-09-14 |
not yet calculated |
CVE-2022-29492
CONFIRM |
hitachi_energy — microscada_x_sys600 |
Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions; Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* |
2022-09-14 |
not yet calculated |
CVE-2022-29922
CONFIRM |
hitachi_energy — microscada_x_sys600 |
An Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600, triggered while reading a specific configuration file, causes a buffer overflow that prevents the SYS600 from starting. The configuration file can only be accessed with administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* |
2022-09-14 |
not yet calculated |
CVE-2022-1778
CONFIRM |
hitachi_energy — microscada_x_sys600 |
An Improper Authorization vulnerability in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user’s role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* |
2022-09-12 |
not yet calculated |
CVE-2022-29490
CONFIRM |
honeywell — softmaster |
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment. |
2022-09-16 |
not yet calculated |
CVE-2022-2332
CONFIRM
CONFIRM |
honeywell — softmaster |
If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions. |
2022-09-16 |
not yet calculated |
CVE-2022-2333
CONFIRM
CONFIRM |
hospital_information_system — hospital_information_system |
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. |
2022-09-14 |
not yet calculated |
CVE-2022-36669
MISC
MISC
MISC
MISC |
hospital_management_system — hospital_management_system |
Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. |
2022-09-13 |
not yet calculated |
CVE-2022-38637
MISC
MISC |
hotel_management_system — hotel_management_system |
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as “fullname”. |
2022-09-12 |
not yet calculated |
CVE-2022-36254
MISC
MISC |
hoteldruid — hotel_management_software |
The controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via brute-force attacks. |
2022-09-16 |
not yet calculated |
CVE-2021-42949
MISC
MISC
MISC |
hoteldruid — hotel_management_software |
HotelDruid Hotel Management Software v3.0.3 and below was discovered to expose session tokens in multiple links via GET parameters, allowing attackers to access user session IDs. |
2022-09-16 |
not yet calculated |
CVE-2021-42948
MISC
MISC
MISC |
hoyoverse — mhyprot2.sys |
The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges. |
2022-09-14 |
not yet calculated |
CVE-2020-36603
MISC
MISC
MISC
MISC
MISC |
hp — thinpro |
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8. |
2022-09-13 |
not yet calculated |
CVE-2022-1602
MISC |
huawei — emui/magic_ui |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
2022-09-16 |
not yet calculated |
CVE-2022-38993
MISC
MISC |
huawei — emui/magic_ui |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
2022-09-16 |
not yet calculated |
CVE-2022-38978
MISC
MISC |
huawei — emui/magic_ui |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
2022-09-16 |
not yet calculated |
CVE-2022-38997
MISC
MISC |
huawei — emui/magic_ui |
The MPTCP module has a race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart. |
2022-09-16 |
not yet calculated |
CVE-2022-39006
MISC
MISC |
huawei — emui/magic_ui |
The implementation of the WLAN module interfaces has an information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
2022-09-16 |
not yet calculated |
CVE-2021-46836
MISC
MISC |
huawei — emui/magic_ui |
The implementation of the WLAN module interfaces has an information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
2022-09-16 |
not yet calculated |
CVE-2021-40024
MISC
MISC |
huawei — emui/magic_ui |
Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot. |
2022-09-16 |
not yet calculated |
CVE-2020-36601
MISC |
huawei — emui/magic_ui |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
2022-09-16 |
not yet calculated |
CVE-2022-38991
MISC
MISC |
huawei — emui/magic_ui |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
2022-09-16 |
not yet calculated |
CVE-2022-38979
MISC
MISC |
huawei — emui/magic_ui |
Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart. |
2022-09-16 |
not yet calculated |
CVE-2020-36600
MISC |
huawei — emui/magic_ui |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
2022-09-16 |
not yet calculated |
CVE-2022-38988
MISC
MISC |
huawei — emui/magic_ui |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
2022-09-16 |
not yet calculated |
CVE-2022-38989
MISC
MISC |
huawei — emui/magic_ui |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
2022-09-16 |
not yet calculated |
CVE-2022-38990
MISC
MISC |
huawei — emui/magic_ui |
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. |
2022-09-16 |
not yet calculated |
CVE-2021-40023
MISC |
huawei — emui/magic_ui |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
2022-09-16 |
not yet calculated |
CVE-2022-38992
MISC
MISC |
huawei — emui/magic_ui |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
2022-09-16 |
not yet calculated |
CVE-2022-38987
MISC
MISC |
huawei — emui/magic_ui |
Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components. |
2022-09-16 |
not yet calculated |
CVE-2022-39003
MISC |
huawei — emui/magic_ui |
Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice. |
2022-09-16 |
not yet calculated |
CVE-2022-39002
MISC |
huawei — harmonyos |
Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds access. |
2022-09-16 |
not yet calculated |
CVE-2021-40019
MISC |
huawei — harmonyos |
The MPTCP module has a memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks. |
2022-09-16 |
not yet calculated |
CVE-2022-39004
MISC
MISC |
huawei — harmonyos |
The MPTCP module has a memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks. |
2022-09-16 |
not yet calculated |
CVE-2022-39005
MISC
MISC |
huawei — harmonyos |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
2022-09-16 |
not yet calculated |
CVE-2022-38994
MISC
MISC |
huawei — harmonyos |
The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. |
2022-09-16 |
not yet calculated |
CVE-2021-40017
MISC |
huawei — harmonyos |
The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information. |
2022-09-16 |
not yet calculated |
CVE-2022-39010
MISC
MISC |
huawei — harmonyos |
The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions. |
2022-09-16 |
not yet calculated |
CVE-2022-39009
MISC
MISC |
huawei — harmonyos |
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps. |
2022-09-16 |
not yet calculated |
CVE-2022-39008
MISC
MISC |
huawei — harmonyos |
The location module has a permission verification bypass vulnerability. Successful exploitation of this vulnerability may cause privilege escalation. |
2022-09-16 |
not yet calculated |
CVE-2022-39007
MISC
MISC |
huawei — harmonyos |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
2022-09-16 |
not yet calculated |
CVE-2022-38996
MISC
MISC |
huawei — harmonyos |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
2022-09-16 |
not yet calculated |
CVE-2022-38995
MISC
MISC |
huawei — harmonyos |
The iAware module has a vulnerability in managing malicious apps. Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup. |
2022-09-16 |
not yet calculated |
CVE-2022-39000
MISC
MISC |
huawei — harmonyos |
The AOD module has an improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. |
2022-09-16 |
not yet calculated |
CVE-2022-38999
MISC
MISC |
huawei — harmonyos |
The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure. |
2022-09-16 |
not yet calculated |
CVE-2022-39001
MISC
MISC |
ibm — aix |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502. |
2022-09-13 |
not yet calculated |
CVE-2022-34356
CONFIRM
XF |
ibm — aix |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014. |
2022-09-13 |
not yet calculated |
CVE-2022-36768
XF
CONFIRM |
ibm — control_desk |
IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126. |
2022-09-13 |
not yet calculated |
CVE-2022-22330
XF
CONFIRM |
ibm — control_desk |
IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124. |
2022-09-13 |
not yet calculated |
CVE-2022-22329
XF
CONFIRM |
ibm — db2 |
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979. |
2022-09-13 |
not yet calculated |
CVE-2022-22483
CONFIRM
XF |
ibm — db2 |
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823. |
2022-09-13 |
not yet calculated |
CVE-2022-35637
CONFIRM
XF |
ibm — maximo_asset_management |
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163. |
2022-09-14 |
not yet calculated |
CVE-2021-38924
CONFIRM
XF |
ibm — multiple_products |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. |
2022-09-09 |
not yet calculated |
CVE-2022-34165
XF
CONFIRM |
ibm — websphere_application_server |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. |
2022-09-13 |
not yet calculated |
CVE-2022-34336
CONFIRM
XF |
indy-node — indy-node |
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose. However, the ledger content will not be impacted and the ledger will resume functioning after the attack. This attack exploits the trade-off between resilience and availability. Any protection against abusive client connections will also prevent the network being accessed by certain legitimate users. As a result, validator nodes must tune their firewall rules to ensure the right trade-off for their network’s expected users. The guidance to network operators for the use of firewall rules in the deployment of Indy networks has been modified to better protect against denial of service attacks by increasing the cost and complexity in mounting such attacks. The mitigation for this vulnerability is not in the Hyperledger Indy code per se, but rather in the individual deployments of Indy. The mitigations should be applied to all deployments of Indy, and are not related to a particular release. |
2022-09-09 |
not yet calculated |
CVE-2022-31006
CONFIRM
MISC |
inventorymanagementsystem — inventorymanagementsystem |
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as “searchTxt”. |
2022-09-12 |
not yet calculated |
CVE-2022-36255
MISC
MISC
MISC |
inventorymanagementsystem — inventorymanagementsystem |
A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as “username”, “password”, etc. |
2022-09-12 |
not yet calculated |
CVE-2022-36259
MISC
MISC
MISC |
inventorymanagementsystem — inventorymanagementsystem |
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as “searchTxt”. |
2022-09-12 |
not yet calculated |
CVE-2022-36258
MISC
MISC
MISC |
inventorymanagementsystem — inventorymanagementsystem |
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as “users”, “pass”, etc. |
2022-09-12 |
not yet calculated |
CVE-2022-36257
MISC
MISC
MISC |
inventorymanagementsystem — inventorymanagementsystem |
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as “productcode”. |
2022-09-12 |
not yet calculated |
CVE-2022-36256
MISC
MISC
MISC |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33. |
2022-09-16 |
not yet calculated |
CVE-2020-23553
MISC
MISC |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20. |
2022-09-16 |
not yet calculated |
CVE-2020-23554
MISC
MISC |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62. |
2022-09-16 |
not yet calculated |
CVE-2020-23552
MISC
MISC |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e. |
2022-09-16 |
not yet calculated |
CVE-2020-23555
MISC
MISC |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28. |
2022-09-16 |
not yet calculated |
CVE-2020-23556
MISC
MISC |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f. |
2022-09-16 |
not yet calculated |
CVE-2020-23559
MISC
MISC |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d. |
2022-09-16 |
not yet calculated |
CVE-2020-23557
MISC
MISC |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30. |
2022-09-16 |
not yet calculated |
CVE-2020-23551
MISC
MISC |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab. |
2022-09-16 |
not yet calculated |
CVE-2020-23560
MISC
MISC |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82. |
2022-09-16 |
not yet calculated |
CVE-2020-23550
MISC
MISC |
irfanview — irfanview |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b. |
2022-09-16 |
not yet calculated |
CVE-2020-23558
MISC
MISC |
jasper — jasper |
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. |
2022-09-16 |
not yet calculated |
CVE-2022-40755
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38283
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38281
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38278
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38282
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38277
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38276
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38275
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve. |
2022-09-09 |
not yet calculated |
CVE-2022-38273
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38284
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38274
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38280
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38272
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38285
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38286
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is affected by SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. |
2022-09-15 |
not yet calculated |
CVE-2022-37207
MISC
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list. |
2022-09-09 |
not yet calculated |
CVE-2022-38279
MISC |
jfinal_cms — jfinal_cms |
JFinal CMS 5.1.0 is vulnerable to SQL Injection. |
2022-09-15 |
not yet calculated |
CVE-2022-37201
MISC
MISC |
json — json |
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack. |
2022-09-16 |
not yet calculated |
CVE-2022-40149
CONFIRM
CONFIRM |
json — json |
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with an out-of-memory error. This effect may support a denial of service attack. |
2022-09-16 |
not yet calculated |
CVE-2022-40150
CONFIRM
CONFIRM |
kdiskmark — kdiskmark |
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. |
2022-09-14 |
not yet calculated |
CVE-2022-40673
MISC
MISC
MISC
MLIST
FEDORA |
kubevirt — kubevirt |
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible. |
2022-09-15 |
not yet calculated |
CVE-2022-1798
CONFIRM |
libconfuse — libconfuse |
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. |
2022-09-09 |
not yet calculated |
CVE-2022-40320
MISC
FEDORA |
libexpat_project — libexpat |
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. |
2022-09-14 |
not yet calculated |
CVE-2022-40674
MISC
MISC |
library_management_system — library_management_system |
In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection. |
2022-09-12 |
not yet calculated |
CVE-2022-37794
MISC |
librenms — librenms |
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.9.0. |
2022-09-17 |
not yet calculated |
CVE-2022-3231
MISC
CONFIRM |
lief — lief |
LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp. |
2022-09-13 |
not yet calculated |
CVE-2022-38496
MISC |
lief — lief |
LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. |
2022-09-13 |
not yet calculated |
CVE-2022-38497
MISC |
lief — lief |
LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c. |
2022-09-13 |
not yet calculated |
CVE-2022-38495
MISC |
lief-project — lief |
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp. |
2022-09-13 |
not yet calculated |
CVE-2022-38307
MISC |
lief-project — lief |
LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. |
2022-09-13 |
not yet calculated |
CVE-2022-38306
MISC |
lighttpd — lighttpd |
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. This leads to a null pointer dereference which crashes the server. It could be used by an external attacker to cause a denial of service condition. |
2022-09-12 |
not yet calculated |
CVE-2022-37797
MISC |
linksys — e5350 |
On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction. |
2022-09-12 |
not yet calculated |
CVE-2022-35572
MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. |
2022-09-14 |
not yet calculated |
CVE-2022-2977
MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. |
2022-09-09 |
not yet calculated |
CVE-2022-40307
MISC |
linux — linux_kernel |
An out-of-bounds (OOB) memory access vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in the GPU component in the Linux kernel with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). |
2022-09-09 |
not yet calculated |
CVE-2022-36280
MISC |
linux — linux_kernel |
An out-of-bounds memory read flaw was found in the Linux kernel’s BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. |
2022-09-09 |
not yet calculated |
CVE-2022-2905
MISC
MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. |
2022-09-09 |
not yet calculated |
CVE-2022-2964
MISC |
linux — linux_kernel |
A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service. |
2022-09-14 |
not yet calculated |
CVE-2022-40476
MISC
MISC
MISC |
linux — linux_kernel |
A NULL pointer dereference flaw was found in diFree in fs/jfs/inode.c in the Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. |
2022-09-14 |
not yet calculated |
CVE-2022-3202
MISC |
linux — linux_kernel |
A buffer overflow vulnerability was found in the Linux kernel’s Intel iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system. |
2022-09-09 |
not yet calculated |
CVE-2022-3077
MISC |
linux — linux_kernel |
A NULL pointer dereference vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the GPU component of the Linux kernel with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). |
2022-09-09 |
not yet calculated |
CVE-2022-38096
MISC |
linux — linux_kernel |
A use-after-free (UAF) vulnerability was found in the function ‘vmw_cmd_res_check’ in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the Linux kernel’s vmwgfx driver with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). |
2022-09-09 |
not yet calculated |
CVE-2022-38457
MISC |
linux — linux_kernel |
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. |
2022-09-09 |
not yet calculated |
CVE-2022-3169
MISC |
linux — linux_kernel |
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn’t handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 |
2022-09-16 |
not yet calculated |
CVE-2022-3176
MISC
MISC |
linux — linux_kernel |
A use-after-free (UAF) vulnerability was found in the function ‘vmw_execbuf_tie_context’ in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the Linux kernel’s vmwgfx driver with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS). |
2022-09-09 |
not yet calculated |
CVE-2022-40133
MISC |
linux — linux_kernel |
An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the ‘id->name’ provided by the user did not end with ‘ |