US-CERT Bulletin (SB22-220):Vulnerability Summary for the Week of August 1, 2022

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
@acrontum — filesystem-template	The package @acrontum/filesystem-template before 0.0.2 are vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.	2022-08-05	not yet calculated	CVE-2022-21186 CONFIRM CONFIRM
Ittiam — libmpeg2	Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8.	2022-08-05	not yet calculated	CVE-2022-37416 MISC MISC
accusoft — imagegear	An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-29465 MISC
aes_crypt — aes_crypt	AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Passwords lengths were not checked before being read. This vulnerability may lead to buffer overruns. This does _not_ affect source code found on aescrypt.com, nor is the vulnerability present when providing a password or a key via the `-p` or `-k` command-line options. The problem was fixed via in commit 68761851b and will be included in release 3.16. Users are advised to upgrade. Users unable to upgrade should us the `-p` or `-k` options to provide a password or key.	2022-08-03	not yet calculated	CVE-2022-35928 MISC CONFIRM
alphaware_simple_e-commerce_system — alphaware_simple_e-commerce_system	A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input ‘”><script>alert(/xss/)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability.	2022-08-05	not yet calculated	CVE-2022-2682 MISC MISC
apache — hadoop	Apache Hadoop’s FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. “Check existence of file before untarring/zipping”, which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).	2022-08-04	not yet calculated	CVE-2022-25168 MISC
apache — jspwiki	A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later.	2022-08-04	not yet calculated	CVE-2022-28730 MISC
apache — jspwiki	A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim.	2022-08-04	not yet calculated	CVE-2022-27166 MISC
apache — jspwiki	A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.	2022-08-04	not yet calculated	CVE-2022-28732 MISC
apache — jspwiki	A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker’s account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.	2022-08-04	not yet calculated	CVE-2022-34158 MISC
apache — jspwiki	A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.	2022-08-04	not yet calculated	CVE-2022-28731 MISC
apartment_visitor_management_system — apartment_visitor_management_system	A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ‘ AND (SELECT 4955 FROM (SELECT(SLEEP(5)))RSzF) AND ‘htiy’=’htiy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205665 was assigned to this vulnerability.	2022-08-05	not yet calculated	CVE-2022-2677 MISC MISC
apartment_visitor_management_system — apartment_visitor_management_system	A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205672.	2022-08-05	not yet calculated	CVE-2022-2684 MISC MISC
aplhaware_simple_e-commerce_system — aplhaware_simple_e-commerce_system	A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability.	2022-08-05	not yet calculated	CVE-2022-2678 MISC MISC
arista — cloudvision_portal	This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.	2022-08-05	not yet calculated	CVE-2022-29071 MISC
arista_networks — eos	This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass.	2022-08-05	not yet calculated	CVE-2021-28511 MISC
arm — mali_gpu_kernel_driver	An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.	2022-08-02	not yet calculated	CVE-2022-33917 MISC
arris — multiple_products	do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.	2022-08-04	not yet calculated	CVE-2022-31793 MISC MISC MISC MISC
artica — pandora_fms	Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role.	2022-08-01	not yet calculated	CVE-2022-26308 CONFIRM CONFIRM
artica — pandora_fms	A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field.	2022-08-05	not yet calculated	CVE-2021-46678 CONFIRM CONFIRM
artica — pandora_fms	A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements.	2022-08-05	not yet calculated	CVE-2021-46679 CONFIRM CONFIRM
artica — pandora_fms	A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field.	2022-08-05	not yet calculated	CVE-2021-46680 CONFIRM
artica — pandora_fms	Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user.	2022-08-01	not yet calculated	CVE-2022-26310 CONFIRM CONFIRM
artica — pandora_fms	A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field.	2022-08-05	not yet calculated	CVE-2021-46677 CONFIRM CONFIRM
artica — pandora_fms	A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field.	2022-08-05	not yet calculated	CVE-2021-46681 CONFIRM CONFIRM
artica– pandora_fms	Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.	2022-08-01	not yet calculated	CVE-2022-26309 CONFIRM CONFIRM
artica — pandora_fms	A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field.	2022-08-05	not yet calculated	CVE-2021-46676 CONFIRM CONFIRM
asustor — adm	A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.	2022-08-05	not yet calculated	CVE-2022-37398 MISC
asuswrt-merlin — asuswrt	A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-26376 MISC
atlassian — jira_data_center	This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1.	2022-08-01	not yet calculated	CVE-2022-36799 MISC
atlassian — jira_service_management_server_and_data_center	Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the “Browse Users” permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.	2022-08-03	not yet calculated	CVE-2022-36800 MISC
autodesk — autocad	Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.	2022-07-29	not yet calculated	CVE-2022-33881 MISC
autodesk — autodesk_design_review	A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.	2022-07-29	not yet calculated	CVE-2022-27866 MISC
autodesk — autodesk_design_review	A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code.	2022-07-29	not yet calculated	CVE-2022-27865 MISC
autodesk — autodesk_design_review	A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.	2022-07-29	not yet calculated	CVE-2022-27864 MISC
autodesk — fusion_360	An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.	2022-07-29	not yet calculated	CVE-2022-27873 MISC
backdrop — backdrop	An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.	2022-08-01	not yet calculated	CVE-2022-34530 MISC MISC
beancount — fava	Cross-site Scripting (XSS) – Reflected in GitHub repository beancount/fava prior to 1.22.3.	2022-08-01	not yet calculated	CVE-2022-2589 CONFIRM MISC
best_fee_management_system — best_fee_management_system	A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205658 is the identifier assigned to this vulnerability.	2022-08-05	not yet calculated	CVE-2022-2674 MISC
bigtree_cms — bigtree_cms	BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file.	2022-08-03	not yet calculated	CVE-2022-36197 MISC
bmc — track-it	This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.	2022-08-03	not yet calculated	CVE-2022-35864 MISC MISC
bmc — track-it	This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709.	2022-08-03	not yet calculated	CVE-2022-35865 MISC MISC
boltcms — boltcms	The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input.	2022-08-01	not yet calculated	CVE-2022-31321 MISC MISC
bookwyrm — bookwyrm	BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually.	2022-08-02	not yet calculated	CVE-2022-35925 MISC CONFIRM MISC
bookwyrm — bookwyrm	Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.	2022-08-04	not yet calculated	CVE-2022-2651 CONFIRM MISC
bosch — bf-os	BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.	2022-08-01	not yet calculated	CVE-2022-36301 CONFIRM
bosch — bf-os	File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information.	2022-08-01	not yet calculated	CVE-2022-36302 CONFIRM
centreon — centreon	This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335.	2022-08-03	not yet calculated	CVE-2022-34871 MISC MISC
centreon — centreon	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336.	2022-08-03	not yet calculated	CVE-2022-34872 MISC MISC
chia_network — cat1	An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious.	2022-07-29	not yet calculated	CVE-2022-36447 MISC MISC
church_management_system — church_management_system	A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ‘ OR (SELECT 7064 FROM(SELECT COUNT(),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)– jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205668.	2022-08-05	not yet calculated	CVE-2022-2680 MISC MISC
ckeditor — ckeditor5	CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5’s packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are `@ckeditor/ckeditor5-markdown-gfm`, `@ckeditor/ckeditor5-html-support`, and `@ckeditor/ckeditor5-html-embed`. The specific conditions are 1) Using one of the affected packages. In case of `ckeditor5-html-support` and `ckeditor5-html-embed`, additionally, it was required to use a configuration that allows unsafe markup inside the editor. 2) Destroying the editor instance and 3) Initializing the editor on an element and using an element other than `<textarea>` as a base. The root cause of the issue was a mechanism responsible for updating the source element with the markup coming from the CKEditor 5 data pipeline after destroying the editor. This vulnerability might affect a small percent of integrators that depend on dynamic editor initialization/destroy and use Markdown, General HTML Support or HTML embed features. The problem has been recognized and patched. The fix is available in version 35.0.1. There are no known workarounds for this issue.	2022-08-03	not yet calculated	CVE-2022-31175 CONFIRM MISC MISC MISC
company_website_cms — company_website_cms	A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205817 was assigned to this vulnerability.	2022-08-06	not yet calculated	CVE-2022-2694 MISC MISC
complete_online_job_search system — complete_online_job_search system	Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit.	2022-08-05	not yet calculated	CVE-2022-35163 MISC
complete_online_job_search system — complete_online_job_search system	Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit.	2022-08-05	not yet calculated	CVE-2022-35162 MISC
connman — connman	In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.	2022-08-03	not yet calculated	CVE-2022-32293 CONFIRM MISC CONFIRM
connman — connman	In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.	2022-08-03	not yet calculated	CVE-2022-32292 MISC CONFIRM
contiki-ng — contiki-ng	Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, <code>uip_buf</code>, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires ipv6 be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch.Users unable to upgrade may apply the patch in Contiki-NG PR #1654.	2022-08-04	not yet calculated	CVE-2022-35926 CONFIRM MISC MISC MISC
contiki-ng — contiki-ng	Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7. Users unable to upgrade may apply the patch in Contiki-NG PR #1615.	2022-08-04	not yet calculated	CVE-2021-32771 MISC MISC CONFIRM MISC
contiki-ng — contiki-ng	Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version prior to 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. There are no workarounds for this issue.	2022-08-04	not yet calculated	CVE-2022-35927 MISC CONFIRM MISC
cpcletop — io.socket:socket.io-client	The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.	2022-08-02	not yet calculated	CVE-2022-25867 MISC MISC MISC MISC MISC
crowcpp — crowcpp	Crow before v1.0+4 was discovered to contain a buffer overflow via the function qs_parse at query_string.h. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.	2022-08-04	not yet calculated	CVE-2022-34970 MISC MISC
curljs — curljs	This affects all versions of package curljs.	2022-08-02	not yet calculated	CVE-2020-28425 MISC
cvat — cvat	CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.	2022-08-01	not yet calculated	CVE-2022-31188 MISC CONFIRM
d-link — dir-818lw a1:dir818l_fw105b01	D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.	2022-08-03	not yet calculated	CVE-2022-35620 MISC MISC
d-link — dir820la1_fw106b02	D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.	2022-08-03	not yet calculated	CVE-2022-34974 MISC MISC
d-link — dsl-3782	D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160.	2022-07-29	not yet calculated	CVE-2022-34527 MISC MISC
d-link — dsl-3782	D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue.	2022-07-29	not yet calculated	CVE-2022-34528 MISC MISC
d-link — dir-818lw a1:dir818l_fw105b01	D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.	2022-08-03	not yet calculated	CVE-2022-35619 MISC MISC
d-link — dir820la1_fw106b02	D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp.	2022-08-03	not yet calculated	CVE-2022-34973 MISC MISC
dd-wrt — dd-wrt	A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 – Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-27631 MISC
dedecms — dedecms	DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php.	2022-07-29	not yet calculated	CVE-2022-34531 MISC
devexpress — devexpress	This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710.	2022-08-03	not yet calculated	CVE-2022-28684 MISC
discourse — discourse	Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse’s default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.	2022-08-01	not yet calculated	CVE-2022-31182 MISC CONFIRM
discourse — discourse	Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email.	2022-08-01	not yet calculated	CVE-2022-31184 CONFIRM MISC
django — django	An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.	2022-08-03	not yet calculated	CVE-2022-36359 MISC CONFIRM MISC MLIST
dogtagpki — dogtagpki	Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.	2022-07-29	not yet calculated	CVE-2022-2414 MISC
dotcms — dotcms	A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false.	2022-08-05	not yet calculated	CVE-2022-37431 MISC
dpgaspar — flash-appbuilder	Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.	2022-08-01	not yet calculated	CVE-2022-31177 CONFIRM MISC
dspace — jspui	DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters during submission. This path traversal can only be executed by a user with special privileges (submitter rights). This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds. However, this vulnerability cannot be exploited by an anonymous user or a basic user. The user must first have submitter privileges to at least one Collection and be able to determine how to modify the request parameters to exploit the vulnerability.	2022-08-01	not yet calculated	CVE-2022-31194 CONFIRM MISC MISC
dspace — jspui	DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck “Did you mean” HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue.	2022-08-01	not yet calculated	CVE-2022-31191 MISC MISC MISC MISC CONFIRM
dspace — jspui	DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible by a user with special privileges (either Administrators or someone with command-line access to the server). This vulnerability impacts the XMLUI, JSPUI and command-line. Users are advised to upgrade. As a basic workaround, users may block all access to the following URL paths: If you are using the XMLUI, block all access to /admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path “/xmlui”, then you’d need to block access to /xmlui/admin/batchimport. If you are using the JSPUI, block all access to /dspace-admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path “/jspui”, then you’d need to block access to /jspui/dspace-admin/batchimport. Keep in mind, only an Administrative user or a user with command-line access to the server is able to import/upload SAF packages. Therefore, assuming those users do not blindly upload untrusted SAF packages, then it is unlikely your site could be impacted by this vulnerability.	2022-08-01	not yet calculated	CVE-2022-31195 MISC CONFIRM MISC
dspace — jspui	DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker’s choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workaround for this vulnerability.	2022-08-01	not yet calculated	CVE-2022-31193 MISC MISC CONFIRM
dspace — jspui	DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI “Request a Copy” feature does not properly escape values submitted and stored from the “Request a Copy” form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.	2022-08-01	not yet calculated	CVE-2022-31192 MISC CONFIRM MISC
dspace — jspui	DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an “Internal System Error” occurs in the JSPUI, then entire exception (including stack trace) is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file.	2022-08-01	not yet calculated	CVE-2022-31189 CONFIRM MISC
dspace — xmlui	DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI “mets.xml” object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer.	2022-08-01	not yet calculated	CVE-2022-31190 CONFIRM MISC MISC
easyuse — mailhunter_ultimate	EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system command or interrupt service.	2022-08-02	not yet calculated	CVE-2022-35223 MISC
eclipse — californium	In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.	2022-07-29	not yet calculated	CVE-2022-2576 CONFIRM
elabftw — elabftw	eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue.	2022-08-01	not yet calculated	CVE-2022-31178 CONFIRM
electronic_medical_records_system — electronic_medical_records_system	A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument user_email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205664.	2022-08-05	not yet calculated	CVE-2022-2676 MISC MISC
electronic_medical_records_system — electronic_medical_records_system	A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205816.	2022-08-06	not yet calculated	CVE-2022-2693 MISC MISC
enalean — tuleap	Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue.	2022-08-01	not yet calculated	CVE-2022-31128 CONFIRM MISC MISC MISC
ercom — citadel	The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions.	2022-08-02	not yet calculated	CVE-2022-1293 MISC
estsoft — alyac	An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-29886 MISC
estsoft — alyac	An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-32543 MISC
evmos — ethermint	Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract’s code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.	2022-08-05	not yet calculated	CVE-2022-35936 MISC MISC CONFIRM
exim — exim	Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.	2022-08-06	not yet calculated	CVE-2022-37451 MISC MISC MISC MISC MISC MISC MISC MISC
expense_management_system — expense_management_system	A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-205811.	2022-08-06	not yet calculated	CVE-2022-2688 MISC
f-secure — atlant_and_withsecure	A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker.	2022-08-05	not yet calculated	CVE-2022-28880 MISC MISC
f5 — big-ip	In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-34651 MISC
f5 — big-ip	In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-34851 MISC
f5 — big-ip	In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-34655 MISC
f5 — big-ip	In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-35272 MISC
f5 — big-ip	In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-35245 MISC
f5 — big-ip	In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-35240 MISC
f5 — big-ip	In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-35243 MISC
f5 — big-ip	In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user’s iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-35728 MISC
f5 — big-ip	In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-35735 MISC
f5 — big-ip	In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker’s control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-34844 MISC
f5 — big-ip	In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-34862 MISC
f5 — big-ip	In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-35236 MISC
f5 — big-ip	In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-34865 MISC
f5 — big-ip	In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-33962 MISC
f5 — big-ip	In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-33968 MISC
f5 — big_ip	In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-32455 MISC
f5 — big_ip	In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-33203 MISC
f5 — big_ip	In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-33947 MISC
f5 — nginx_ingress_controller	In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-30535 MISC
f5 — nginx_instance_manager	In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-35241 MISC
f5 — big-ip	In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.	2022-08-04	not yet calculated	CVE-2022-31473 MISC
flask_security — flask_security	This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using ‘autocorrect_location_header=False. Note: Flask-Security is not maintained anymore.	2022-08-02	not yet calculated	CVE-2021-23385 MISC MISC MISC
fortinet — fortiadc	A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.	2022-08-03	not yet calculated	CVE-2022-27484 CONFIRM
fortinet — fortios	An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.	2022-08-03	not yet calculated	CVE-2022-23442 CONFIRM
fortinet — multiple_products	A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.	2022-08-05	not yet calculated	CVE-2022-22299 CONFIRM
foxit — pdf_reader_and_pdf_editor	Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference.	2022-08-06	not yet calculated	CVE-2022-27944 MISC MISC
foxit — pdf_reader_and_pdf_editor	Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL.	2022-08-06	not yet calculated	CVE-2022-26979 MISC MISC
freshtomato — freshtomato	A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The `freshtomato-arm` has a vulnerable URL-decoding feature that can lead to memory corruption.	2022-08-05	not yet calculated	CVE-2022-28665 MISC
freshtomato — freshtomato	A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The `freshtomato-mips` has a vulnerable URL-decoding feature that can lead to memory corruption.	2022-08-05	not yet calculated	CVE-2022-28664 MISC
friendsofflarum — byobu	fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum’s users and choose to disable the extension if needed. There are no workarounds for this issue.	2022-08-01	not yet calculated	CVE-2022-35921 CONFIRM MISC
frrouting — frrouting	An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.	2022-08-02	not yet calculated	CVE-2022-37035 MISC MISC
garage_management_system — garage_management_system	A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2’%20UNION%20select%2011,user(),333,444–+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	2022-07-29	not yet calculated	CVE-2022-2577 MISC MISC
garage_management_system — garage_management_system	A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.	2022-07-29	not yet calculated	CVE-2022-2578 MISC MISC
garage_management_system — garage_management_system	A vulnerability was found in SourceCodester Garage Management System and classified as critical. This issue affects some unknown processing of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205655.	2022-08-05	not yet calculated	CVE-2022-2671 MISC
garage_management_system — garage_management_system	A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edituser.php. The manipulation of the argument id with the input 1\”><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205573 was assigned to this vulnerability.	2022-08-04	not yet calculated	CVE-2022-2645 MISC
garage_management_system — garage_management_system	A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656.	2022-08-05	not yet calculated	CVE-2022-2672 MISC
garage_management_system — garage_management_system	A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument userName with the input lala<img src=”” onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.	2022-07-29	not yet calculated	CVE-2022-2579 MISC MISC
get-npm-package-version — get-npm-package-version	The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js.	2022-08-02	not yet calculated	CVE-2020-7795 MISC MISC MISC MISC
getlaminas — laminas-diactoros	laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a `Laminas\Diactoros\Uri` instance associated with the incoming server request modified to reflect values from `X-Forwarded-` headers. Such changes can potentially lead to XSS attacks (if a fully-qualified URL is used in links) and/or URL poisoning. Since the `X-Forwarded-` headers do have valid use cases, particularly in clustered environments using a load balancer, the library offers mitigation measures only in the v2 releases, as doing otherwise would break these use cases immediately. Users of v2 releases from 2.11.1 can provide an additional argument to `Laminas\Diactoros\ServerRequestFactory::fromGlobals()` in the form of a `Laminas\Diactoros\RequestFilter\RequestFilterInterface` instance, including the shipped `Laminas\Diactoros\RequestFilter\NoOpRequestFilter` implementation which ignores the `X-Forwarded-` headers. Starting in version 3.0, the library will reverse behavior to use the `NoOpRequestFilter` by default, and require users to opt-in to `X-Forwarded-` header usage via a configured `Laminas\Diactoros\RequestFilter\LegacyXForwardedHeaderFilter` instance. Users are advised to upgrade to version 2.11.1 or later to resolve this issue. Users unable to upgrade may configure web servers to reject `X-Forwarded-*` headers at the web server level.	2022-08-01	not yet calculated	CVE-2022-31109 MISC CONFIRM MISC
gitblame — gitblame	This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js.	2022-08-02	not yet calculated	CVE-2020-28434 MISC
github — enterprise_server	A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github’s Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.	2022-08-02	not yet calculated	CVE-2022-23733 CONFIRM CONFIRM CONFIRM
gitlab — ce/ee	An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization.	2022-08-05	not yet calculated	CVE-2022-2539 MISC CONFIRM
gitlab — ce/ee	An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project’s Deploy Key’s public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key.	2022-08-05	not yet calculated	CVE-2022-2095 CONFIRM MISC MISC
gitlab — ce/ee	A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited.	2022-08-05	not yet calculated	CVE-2022-2307 CONFIRM MISC
gitlab — ce/ee	A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.	2022-08-05	not yet calculated	CVE-2022-2500 CONFIRM MISC MISC
gitlab — ce/ee	An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.	2022-08-05	not yet calculated	CVE-2022-2534 MISC CONFIRM
gitlab — ce/ee	An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled.	2022-08-05	not yet calculated	CVE-2022-2459 MISC MISC CONFIRM
gitlab — ce/ee	An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user’s email address as an unverified secondary email.	2022-08-05	not yet calculated	CVE-2022-2326 MISC MISC CONFIRM
gitlab — ce/ee	An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious maintainer could exfiltrate an integration’s access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.	2022-08-05	not yet calculated	CVE-2022-2497 MISC CONFIRM MISC
gitlab — ce/ee	Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project.	2022-08-05	not yet calculated	CVE-2022-2417 MISC CONFIRM
gitlab — ce/ee	An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.	2022-08-05	not yet calculated	CVE-2022-2512 MISC CONFIRM
gitlab — ce/ee	An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA.	2022-08-05	not yet calculated	CVE-2022-2303 MISC MISC CONFIRM
gitlab — ce/ee	An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request.	2022-08-05	not yet calculated	CVE-2022-2456 MISC MISC CONFIRM
gitlab — ee	An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability.	2022-08-05	not yet calculated	CVE-2022-2531 MISC CONFIRM MISC
gitlab — ee	An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required.	2022-08-05	not yet calculated	CVE-2022-2501 CONFIRM MISC MISC
gitlab — ee	An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription’s author.	2022-08-05	not yet calculated	CVE-2022-2498 MISC CONFIRM MISC
gitlab — ee	An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab’s Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.	2022-08-05	not yet calculated	CVE-2022-2499 CONFIRM MISC MISC
gnu_affero — minio	MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all ‘admin’ users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies.	2022-08-01	not yet calculated	CVE-2022-35919 MISC MISC CONFIRM
gnutls — gnutls	A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.	2022-08-01	not yet calculated	CVE-2022-2509 MISC MISC
go_ethereum — go_ethereum	Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.	2022-08-05	not yet calculated	CVE-2022-37450 MISC MISC MISC MISC
google — android	In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553; Issue ID: ALPS07032553.	2022-08-01	not yet calculated	CVE-2022-26431 MISC
google — android	In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486.	2022-08-01	not yet calculated	CVE-2022-26426 MISC
google — android	In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059.	2022-08-01	not yet calculated	CVE-2022-21791 MISC
google — android	In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138450; Issue ID: ALPS07138450.	2022-08-01	not yet calculated	CVE-2022-26434 MISC
google — android	In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400.	2022-08-01	not yet calculated	CVE-2022-26433 MISC
google — android	In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032542; Issue ID: ALPS07032542.	2022-08-01	not yet calculated	CVE-2022-26432 MISC
google — android	In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260.	2022-08-01	not yet calculated	CVE-2022-26428 MISC
google — android	In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410.	2022-08-01	not yet calculated	CVE-2022-21792 MISC
google — android	In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521.	2022-08-01	not yet calculated	CVE-2022-26430 MISC
google — android	In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728.	2022-08-01	not yet calculated	CVE-2022-21788 MISC
google — android	In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID: ALPS07025415.	2022-08-01	not yet calculated	CVE-2022-26429 MISC
google — android	In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101.	2022-08-01	not yet calculated	CVE-2022-21789 MISC
google — android	In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435.	2022-08-01	not yet calculated	CVE-2022-26435 MISC
google — android	In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306.	2022-08-01	not yet calculated	CVE-2022-21790 MISC
google — android	In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540.	2022-08-01	not yet calculated	CVE-2022-26427 MISC
google — android	In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666.	2022-08-01	not yet calculated	CVE-2022-26436 MISC
google — android	EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote).	2022-07-30	not yet calculated	CVE-2022-30083 MISC
google — google_play_services_software_development_kit	Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.	2022-07-29	not yet calculated	CVE-2022-1799 MISC
graphql-go — graphql-go	graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser.	2022-08-01	not yet calculated	CVE-2022-37315 MISC
graphql-rust — juniper	Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually.	2022-08-01	not yet calculated	CVE-2022-31173 MISC MISC MISC CONFIRM
grummunio — gromox	Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.	2022-08-04	not yet calculated	CVE-2022-37030 MISC MISC
gvret — gvret	GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp.	2022-08-03	not yet calculated	CVE-2022-35161 MISC
gym_management_system — gym_management_system	A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205734 is the identifier assigned to this vulnerability.	2022-08-06	not yet calculated	CVE-2022-2687 MISC MISC
hcl_commerce — remote_store_server	HCL Commerce’s Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website.	2022-07-30	not yet calculated	CVE-2021-27785 MISC
hcl_software — launch	HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking.	2022-08-03	not yet calculated	CVE-2022-27551 CONFIRM
heroku-env — heroku-env	This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js.	2022-08-02	not yet calculated	CVE-2020-28437 MISC
hestiacp — hestiacp	Improper Input Validation in GitHub repository hestiacp/hestiacp prior to 1.6.6.	2022-08-05	not yet calculated	CVE-2022-2636 CONFIRM MISC
hestiacp — hestiacp	Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.	2022-08-05	not yet calculated	CVE-2022-2626 MISC CONFIRM
hiby — r3_pro_firmware	Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature.	2022-07-29	not yet calculated	CVE-2022-34496 MISC MISC
hinet — hicos_citizen_verification	HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.	2022-08-02	not yet calculated	CVE-2022-35222 MISC
ibm — cics_tx	IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333.	2022-08-01	not yet calculated	CVE-2022-34163 CONFIRM CONFIRM XF
ibm — cics_tx	IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331.	2022-08-01	not yet calculated	CVE-2022-34161 CONFIRM XF CONFIRM
ibm — cics_tx	IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436.	2022-08-01	not yet calculated	CVE-2022-34307 XF CONFIRM CONFIRM
ibm — cics_tx	IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338.	2022-08-01	not yet calculated	CVE-2022-34164 CONFIRM CONFIRM XF
ibm — cics_tx	IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332.	2022-08-01	not yet calculated	CVE-2022-34162 CONFIRM CONFIRM XF
ibm — cics_tx	IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312.	2022-08-01	not yet calculated	CVE-2022-33955 CONFIRM XF CONFIRM
ibm — datapower_gateway	IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228359.	2022-08-01	not yet calculated	CVE-2022-31775 XF CONFIRM
ibm — datapower_gateway	IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228435.	2022-08-01	not yet calculated	CVE-2022-32750 CONFIRM XF
ibm — datapower_gateway	IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433.	2022-08-01	not yet calculated	CVE-2022-31776 XF CONFIRM
ibm — datapower_gateway	IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358.	2022-08-01	not yet calculated	CVE-2022-31774 CONFIRM XF
ibm — datapower_gateway	IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856.	2022-08-01	not yet calculated	CVE-2022-22326 CONFIRM CONFIRM XF
ibm — powervm_vios	IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956.	2022-07-29	not yet calculated	CVE-2022-35643 CONFIRM XF
ibm — robotic_process_automation	IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962.	2022-08-01	not yet calculated	CVE-2022-34338 XF CONFIRM
ibm — robotic_process_automation	IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288.	2022-08-01	not yet calculated	CVE-2022-22505 CONFIRM XF
ibm — robotic_process_automation	IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978.	2022-08-01	not yet calculated	CVE-2022-30616 XF CONFIRM
ibm — robotic_process_automation	IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391.	2022-08-01	not yet calculated	CVE-2022-22334 CONFIRM XF
ibm — robotic_process_automation	IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888.	2022-08-01	not yet calculated	CVE-2022-33169 XF CONFIRM
ibm — urbancode_deploy	IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.	2022-08-01	not yet calculated	CVE-2022-35716 XF CONFIRM
image-tiler — image-tiler	This affects the package image-tiler before 2.0.2.	2022-08-02	not yet calculated	CVE-2020-28451 MISC MISC
imbrn — v8n	NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider` either in versions before `4.10.3` or `3.29.10` are affected. If an attacker could forge a request that sent a comma-separated list of emails (eg.: `[email protected],[email protected]`) to the sign-in endpoint, NextAuth.js would send emails to both the attacker and the victim’s e-mail addresses. The attacker could then login as a newly created user with the email being `[email protected],[email protected]`. This means that basic authorization like `email.endsWith(“@victim.com”)` in the `signIn` callback would fail to communicate a threat to the developer and would let the attacker bypass authorization, even with an `@attacker.com` address. This vulnerability has been patched in `v4.10.3` and `v3.29.10` by normalizing the email value that is sent to the sign-in endpoint before accessing it anywhere else. We also added a `normalizeIdentifier` callback on the `EmailProvider` configuration, where you can further tweak your requirements for what your system considers a valid e-mail address. (E.g.: strict RFC2821 compliance). Users are advised to upgrade. There are no known workarounds for this vulnerability. If for some reason you cannot upgrade, you can normalize the incoming request using Advanced Initialization.	2022-08-02	not yet calculated	CVE-2022-35924 MISC CONFIRM MISC MISC MISC MISC MISC MISC
imbrn — v8n	v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload of ‘a’ + ‘a’.repeat(i) + ‘A’ with 32 leading characters took 29443 ms to execute. The same issue happens with uppercase(). Users are advised to upgrade. There are no known workarounds for this issue.	2022-08-02	not yet calculated	CVE-2022-35923 CONFIRM MISC MISC
inavitas — solar_log	Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.	2022-07-29	not yet calculated	CVE-2022-1277 CONFIRM
inductive_automation — ignition	Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup.	2022-08-05	not yet calculated	CVE-2022-1704 MISC
interview_management_system — interview_management_system	A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability.	2022-08-05	not yet calculated	CVE-2022-2685 MISC MISC MISC
interview_management_system — interview_management_system	A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667.	2022-08-05	not yet calculated	CVE-2022-2679 MISC MISC
itpison — omicard_edm	OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.	2022-08-04	not yet calculated	CVE-2022-35216 MISC
itpison — omnicard_edm	OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.	2022-08-04	not yet calculated	CVE-2022-32965 MISC
itpison — omnicard_edm	OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.	2022-08-04	not yet calculated	CVE-2022-32963 MISC
itpison — omnicard_edm	OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.	2022-08-04	not yet calculated	CVE-2022-32964 MISC
jeecg-boot — jeecg-boot	A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability.	2022-08-04	not yet calculated	CVE-2022-2647 MISC MISC
jetbrains — rider	In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution	2022-08-03	not yet calculated	CVE-2022-37396 MISC
jflyfox — jfinal_cms	JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.	2022-08-03	not yet calculated	CVE-2022-34928 MISC
kaspersky — vpn_secure_connection	Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its ‘Delete All Service Data And Reports’ feature by the local authenticated attacker.	2022-08-05	not yet calculated	CVE-2022-27535 MISC
keycloak — keycloak	An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled	2022-08-05	not yet calculated	CVE-2022-2668 MISC
krakend — multiple_products	Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable.	2022-08-01	not yet calculated	CVE-2022-1561 CONFIRM CONFIRM
kromit — titra	Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.	2022-08-01	not yet calculated	CVE-2022-2595 MISC CONFIRM
kvm — kvm	A flaw was found in KVM. When updating a guest’s page table entry, vm_pgoff was improperly used as the offset to get the page’s pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.	2022-08-05	not yet calculated	CVE-2022-1158 MISC MISC
landray — landling_oa	Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp.	2022-08-02	not yet calculated	CVE-2022-34924 MISC MISC
laravel — laravel	Laravel v5.1 was discovered to contain a remote code execution (RCE) vulnerability via the component ChanceGenerator in __call.	2022-08-03	not yet calculated	CVE-2022-34943 MISC
libtiff — libtiff	A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file.	2022-07-29	not yet calculated	CVE-2022-34526 MISC FEDORA
linux — linux_kernel	A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.	2022-08-05	not yet calculated	CVE-2022-1012 MISC
linux — linux_kernel	A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.	2022-08-05	not yet calculated	CVE-2022-1973 MISC
loan_management_system — loan_management_system	A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619.	2022-08-05	not yet calculated	CVE-2022-2667 MISC MISC
luadec — luadec	Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending.	2022-08-03	not yet calculated	CVE-2022-34992 MISC
makedeb — mprweb	mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the `Hide Email Address` checkbox on their account page, or during signup. This could lead to an account’s email being leaked, which may be problematic if your email needs to remain private for any reason. Users hosting their own mprweb instance will need to upgrade to the latest commit to get this fixed. Users on the official instance will already have this issue fixed.	2022-08-01	not yet calculated	CVE-2022-31185 MISC CONFIRM
mango — mango	An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins.	2022-08-01	not yet calculated	CVE-2022-34567 MISC MISC MISC MISC
mealie — mealie	A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.	2022-08-02	not yet calculated	CVE-2022-34619 MISC MISC MISC MISC MISC
mealie — mealie	A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field.	2022-08-02	not yet calculated	CVE-2022-34618 MISC MISC MISC MISC MISC
mealie — mealie	Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.	2022-08-02	not yet calculated	CVE-2022-34613 MISC MISC MISC MISC
mealie — mealie	Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template.	2022-08-02	not yet calculated	CVE-2022-34625 MISC MISC MISC MISC MISC
mediatek — chipsets_in_multiple_products	In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088.	2022-08-01	not yet calculated	CVE-2022-26445 MISC
mediatek — chipsets_in_multiple_products	In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420075; Issue ID: GN20220420075.	2022-08-01	not yet calculated	CVE-2022-26444 MISC
mediatek — chipsets_in_multiple_products	In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420068; Issue ID: GN20220420068.	2022-08-01	not yet calculated	CVE-2022-26443 MISC
mediatek — chipsets_in_multiple_products	In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420051; Issue ID: GN20220420051.	2022-08-01	not yet calculated	CVE-2022-26442 MISC
mediatek — chipsets_in_multiple_products	In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420044; Issue ID: GN20220420044.	2022-08-01	not yet calculated	CVE-2022-26441 MISC
mediatek — chipsets_in_multiple_products	In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420037; Issue ID: GN20220420037.	2022-08-01	not yet calculated	CVE-2022-26440 MISC
mediatek — chipsets_in_multiple_products	In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420013; Issue ID: GN20220420013.	2022-08-01	not yet calculated	CVE-2022-26438 MISC
mediatek — chipsets_in_multiple_products	In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420020; Issue ID: GN20220420020.	2022-08-01	not yet calculated	CVE-2022-26439 MISC
mediatek — chipsets_in_multiple_products	In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831.	2022-08-01	not yet calculated	CVE-2022-26437 MISC
michlol-rashim — michlol-rashim	Michlol – rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then the attacker can access sensitive data that he not supposed to access because its belong to another user.	2022-08-05	not yet calculated	CVE-2022-34769 MISC
milkytracker — milkytracker	MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file.	2022-08-03	not yet calculated	CVE-2022-34927 MISC MISC
monetdb — monetdb	The assertion `stmt->Dbc->FirstStmt’ failed in MonetDB Database Server v11.43.13.	2022-08-03	not yet calculated	CVE-2022-34967 MISC
monorepo-build — monorepo-build	This affects all versions of package monorepo-build.	2022-08-02	not yet calculated	CVE-2020-28423 MISC
moodle — moodle	In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the ‘access all groups’ capability were not restricted to viewing grades of users within their own groups.	2022-08-05	not yet calculated	CVE-2020-1754 MISC
moodle — moodle	In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.	2022-08-05	not yet calculated	CVE-2020-1691 MISC
multi_language_hotel_management_software — multi_language_hotel_management_software	A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596.	2022-08-04	not yet calculated	CVE-2022-2656 MISC MISC
multi_language_hotel_management_software — multi_language_hotel_management_software	A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205595.	2022-08-04	not yet calculated	CVE-2022-2648 MISC MISC
next.js — nextauth.js	NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider’s secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can user the `logger` configuration option by sanitizing the logs.	2022-08-01	not yet calculated	CVE-2022-31186 MISC MISC CONFIRM MISC
nextcloud — mail	Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration.	2022-08-04	not yet calculated	CVE-2022-31119 CONFIRM MISC MISC
nextcloud — mail	Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommendet to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`	2022-08-04	not yet calculated	CVE-2022-31132 CONFIRM
nextcloud — server	Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`.	2022-08-04	not yet calculated	CVE-2022-31118 CONFIRM MISC
nextcloud — server	Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available.	2022-08-04	not yet calculated	CVE-2022-31120 CONFIRM MISC MISC
nhi_card — nhi_card	The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.	2022-08-02	not yet calculated	CVE-2022-35218 MISC
nhi_card — nhi_card	The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.	2022-08-02	not yet calculated	CVE-2022-35219 MISC
nhi_card — nhi_card	The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.	2022-08-02	not yet calculated	CVE-2022-35217 MISC
nlnet_labs — unbound	NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the “ghost domain names” attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.	2022-08-01	not yet calculated	CVE-2022-30699 CONFIRM
nlnet_labs — unbound	NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the “ghost domain names” attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound’s delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.	2022-08-01	not yet calculated	CVE-2022-30698 CONFIRM
node-fetch — node-fetch	Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10.	2022-08-01	not yet calculated	CVE-2022-2596 MISC CONFIRM
node-latex-pdf — node-latex-pdf	This affects all versions of package node-latex-pdf.	2022-08-02	not yet calculated	CVE-2020-28433 MISC
npos-tesseract — npos-tesseract	This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.	2022-08-02	not yet calculated	CVE-2020-28453 MISC
nvidia — vgpu_software	NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure.	2022-08-05	not yet calculated	CVE-2022-31614 MISC
nvidia — vgpu_software	NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service.	2022-08-05	not yet calculated	CVE-2022-31618 MISC
nvidia — vgpu_software	NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.	2022-08-05	not yet calculated	CVE-2022-31609 MISC
online_admission_system — online_admission_system	A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability.	2022-08-04	not yet calculated	CVE-2022-2644 MISC MISC
online_admission_system — online_admission_system	A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input 8</h3><script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205572.	2022-08-04	not yet calculated	CVE-2022-2646 MISC MISC
online_admission_system — online_admission_system	A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this entry is VDB-205564.	2022-08-04	not yet calculated	CVE-2022-2643 MISC MISC
online_student_admission_system — online_student_admission_system	A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input <script>alert(/xss/)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability.	2022-08-05	not yet calculated	CVE-2022-2681 MISC MISC
online_tours_and_travels_management_system — online_tours_and_travels_management_system	Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php.	2022-08-02	not yet calculated	CVE-2022-35421 MISC
openstack — nova	An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.	2022-08-03	not yet calculated	CVE-2022-37394 MISC MISC MISC
openzeppelin — contracts	OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.	2022-08-01	not yet calculated	CVE-2022-35916 MISC CONFIRM
openzeppelin — contracts	OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.	2022-08-01	not yet calculated	CVE-2022-35915 MISC CONFIRM
openzeppelin — contracts	OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token’s total supply. In affected instances, when a proposal is passed to lower the quorum requirements, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement. Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue. This issue has been patched in v4.7.2. Users are advised to upgrade. Users unable to upgrade should consider avoiding lowering quorum requirements if a past proposal was defeated for lack of quorum.	2022-08-01	not yet calculated	CVE-2022-31198 MISC CONFIRM
oretnom23 — fast_food_ordering_system	A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205725 was assigned to this vulnerability.	2022-08-06	not yet calculated	CVE-2022-2686 MISC MISC
percona — percona_server_for_mysql	An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query.	2022-08-03	not yet calculated	CVE-2022-34968 MISC
pgjdbc — pgjdbc	PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application’s JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name who’s column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application’s JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.	2022-08-03	not yet calculated	CVE-2022-31197 MISC CONFIRM
pharmacy_management_system — pharmacy_management_system	Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php.	2022-08-02	not yet calculated	CVE-2022-34953 MISC
pharmacy_management_system — pharmacy_management_system	Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php.	2022-08-02	not yet calculated	CVE-2022-34952 MISC
pharmacy_management_system — pharmacy_management_system	Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php.	2022-08-02	not yet calculated	CVE-2022-34951 MISC
pharmacy_management_system — pharmacy_management_system	Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php.	2022-08-02	not yet calculated	CVE-2022-34950 MISC
pharmacy_management_system — pharmacy_management_system	Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php.	2022-08-02	not yet calculated	CVE-2022-34949 MISC
pharmacy_management_system — pharmacy_management_system	Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php.	2022-08-02	not yet calculated	CVE-2022-34954 MISC
pharmacy_management_system — pharmacy_management_system	Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php.	2022-08-02	not yet calculated	CVE-2022-34948 MISC
pharmacy_management_system — pharmacy_management_system	Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php.	2022-08-02	not yet calculated	CVE-2022-34947 MISC
pharmacy_management_system — pharmacy_management_system	Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php.	2022-08-02	not yet calculated	CVE-2022-34946 MISC
pharmacy_management_system — pharmacy_management_system	Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php.	2022-08-02	not yet calculated	CVE-2022-34945 MISC
pingcap — pingcap_tidb	PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference.	2022-08-03	not yet calculated	CVE-2022-34969 MISC
plankanban — planka	With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.	2022-08-04	not yet calculated	CVE-2022-2653 MISC CONFIRM
pligg — pligg_cms	Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php.	2022-08-02	not yet calculated	CVE-2022-34955 MISC
pligg — pligg_cms	Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php.	2022-08-02	not yet calculated	CVE-2022-34956 MISC
prestashop — prestashop	PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP’s Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature.	2022-08-01	not yet calculated	CVE-2022-31181 MISC MISC CONFIRM
private_cloud_management_platform — private_cloud_management_platform	A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability.	2022-08-05	not yet calculated	CVE-2022-2664 MISC
progress — ws-ftp_server	In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator’s web session. This would allow the attacker to execute code within the context of the victim’s browser.	2022-08-02	not yet calculated	CVE-2022-36967 MISC MISC
progress — ws-ftp_server	In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.	2022-08-02	not yet calculated	CVE-2022-36968 MISC MISC
pyrocms — pyrocms	PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.	2022-08-01	not yet calculated	CVE-2022-35118 MISC MISC
quest — kace_systems_management_appliance	In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.	2022-08-02	not yet calculated	CVE-2022-29808 MISC MISC
quest — kace_systems_management_appliance	A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.	2022-08-02	not yet calculated	CVE-2022-29807 MISC MISC
quest — kace_systems_management_appliance	In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.	2022-08-02	not yet calculated	CVE-2022-30285 MISC MISC
rapid7 — velociraptor	A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2.	2022-07-29	not yet calculated	CVE-2022-35630 CONFIRM
rapid7 — velociraptor	On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2.	2022-07-29	not yet calculated	CVE-2022-35631 CONFIRM
rapid7 — velociraptor	The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2.	2022-07-29	not yet calculated	CVE-2022-35632 CONFIRM
rapid7 — velociraptor	Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2.	2022-07-29	not yet calculated	CVE-2022-35629 CONFIRM
realtek — e-cos_rsdk	In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.	2022-08-01	not yet calculated	CVE-2022-27255 MISC MISC
renato — renato	Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability.	2022-08-04	not yet calculated	CVE-2022-35144 MISC MISC MISC MISC
renato — renato	Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.	2022-08-04	not yet calculated	CVE-2022-35143 MISC MISC MISC MISC
renato — renato	An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter.	2022-08-04	not yet calculated	CVE-2022-35142 MISC MISC MISC MISC
rigatur — online_booking_and_hotel_management_system	A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability.	2022-08-05	not yet calculated	CVE-2022-2673 MISC
rsync — rsync	An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).	2022-08-02	not yet calculated	CVE-2022-29154 MLIST MISC
s3-kilatstorage — s3-kilatstorage	This affects all versions of package s3-kilatstorage.	2022-08-02	not yet calculated	CVE-2020-28424 MISC
samsung — cameralyzer	Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege.	2022-08-05	not yet calculated	CVE-2022-36832 MISC
samsung — charm	PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.	2022-08-05	not yet calculated	CVE-2022-36830 MISC
samsung — charm	Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.	2022-08-05	not yet calculated	CVE-2022-33734 MISC
samsung — charm	Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission.	2022-08-05	not yet calculated	CVE-2022-36836 MISC
samsung — charm	PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.	2022-08-05	not yet calculated	CVE-2022-36829 MISC
samsung — charm	Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.	2022-08-05	not yet calculated	CVE-2022-33733 MISC
samsung — checkout	SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.	2022-08-05	not yet calculated	CVE-2022-36839 MISC
samsung — galaxy_wearable	Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information.	2022-08-05	not yet calculated	CVE-2022-36838 MISC
samsung — game_launcher	Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction.	2022-08-05	not yet calculated	CVE-2022-36834 MISC
samsung — game_optimizing_service	Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name.	2022-08-05	not yet calculated	CVE-2022-36833 MISC
samsung — internet_browser	Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.	2022-08-05	not yet calculated	CVE-2022-36835 MISC
samsung — internet_browser	Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information.	2022-08-05	not yet calculated	CVE-2022-36837 MISC
samsung — mtower	The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.	2022-08-04	not yet calculated	CVE-2022-35858 MISC MISC
samsung — multiple_products	Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.	2022-08-05	not yet calculated	CVE-2022-33724 MISC
samsung — multiple_products	Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.	2022-08-05	not yet calculated	CVE-2022-33729 MISC
samsung — multiple_products	A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.	2022-08-05	not yet calculated	CVE-2022-33727 MISC
samsung — multiple_products	Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.	2022-08-05	not yet calculated	CVE-2022-33730 MISC
samsung — multiple_products	Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.	2022-08-05	not yet calculated	CVE-2022-33731 MISC
samsung — multiple_products	Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.	2022-08-05	not yet calculated	CVE-2022-33732 MISC
samsung — multiple_products	Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.	2022-08-05	not yet calculated	CVE-2022-33726 MISC
samsung — multiple_products	Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.	2022-08-05	not yet calculated	CVE-2022-33720 MISC
samsung — multiple_products	A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.	2022-08-05	not yet calculated	CVE-2022-33725 MISC
samsung — multiple_products	A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.	2022-08-05	not yet calculated	CVE-2022-33723 MISC
samsung — multiple_products	Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.	2022-08-05	not yet calculated	CVE-2022-33719 MISC
samsung — multiple_products	Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal.	2022-08-05	not yet calculated	CVE-2022-33728 MISC
samsung — multiple_products	An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.	2022-08-05	not yet calculated	CVE-2022-33718 MISC
samsung — multiple_products	A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.	2022-08-05	not yet calculated	CVE-2022-33717 MISC
samsung — multiple_products	An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.	2022-08-05	not yet calculated	CVE-2022-33716 MISC
samsung — multiple_products	Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.	2022-08-05	not yet calculated	CVE-2022-33722 MISC
samsung — multiple_products	A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.	2022-08-05	not yet calculated	CVE-2022-33721 MISC
samsung — multiple_products	Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.	2022-08-05	not yet calculated	CVE-2022-33714 MISC
samsung — multiple_products	Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.	2022-08-05	not yet calculated	CVE-2022-33715 MISC
samsung — notes	Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission.	2022-08-05	not yet calculated	CVE-2022-36831 MISC
samsung — update_setup	DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.	2022-08-05	not yet calculated	CVE-2022-36840 MISC
sanic — sanic	Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.	2022-08-01	not yet calculated	CVE-2022-35920 MISC CONFIRM MISC
sante — dicom_viewer_pro	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16679.	2022-08-03	not yet calculated	CVE-2022-28668 MISC
sante — pacs_server	This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331.	2022-08-03	not yet calculated	CVE-2022-2272 MISC
scala — fs2	fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent. 2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API. 3. mTLS as enabled via `requestCert = true` in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s. It was introduced with the initial Node.js implementation of fs2-io in 3.1.0. A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised. If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection.	2022-08-01	not yet calculated	CVE-2022-31183 CONFIRM MISC MISC
shescape — shescape	Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by including a line feed character (`’\n’`) in the payload. This bug has been patched in [v1.5.8] which you can upgrade to now. No further changes are required. Alternatively, line feed characters (`’\n’`) can be stripped out manually or the user input can be made the last argument (this only limits the impact).	2022-08-01	not yet calculated	CVE-2022-31179 MISC CONFIRM MISC
shescape — shescape	Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the `escape` or `escapeAll` functions with the `interpolation` option set to `true`. The result is that if an attacker is able to include whitespace in their input they can: 1. Invoke shell-specific behaviour through shell-specific special characters inserted directly after whitespace. 2. Invoke shell-specific behaviour through shell-specific special characters inserted or appearing after line terminating characters. 3. Invoke arbitrary commands by inserting a line feed character. 4. Invoke arbitrary commands by inserting a carriage return character. Behaviour number 1 has been patched in [v1.5.7] which you can upgrade to now. No further changes are required. Behaviour number 2, 3, and 4 have been patched in [v1.5.8] which you can upgrade to now. No further changes are required. The best workaround is to avoid having to use the `interpolation: true` option – in most cases using an alternative is possible, see [the recipes](https://github.com/ericcornelissen/shescape#recipes) for recommendations. Alternatively, users may strip all whitespace from user input. Note that this is error prone, for example: for PowerShell this requires stripping `’\u0085’` which is not included in JavaScript’s definition of `\s` for Regular Expressions.	2022-08-01	not yet calculated	CVE-2022-31180 MISC MISC MISC MISC CONFIRM
shopware — shopware	Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.	2022-08-01	not yet calculated	CVE-2022-31148 CONFIRM MISC MISC
sigstore — cosign	cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `–type` flag will report a false positive verification when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (–type defaults to “custom”). This can happen when signing with a standard keypair and with “keyless” signing with Fulcio. This vulnerability can be reproduced with the `distroless.dev/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2` image. This image has a `vuln` attestation but not an `spdx` attestation. However, if you run `cosign verify-attestation –type=spdx` on this image, it incorrectly succeeds. This issue has been addressed in version 1.10.1 of cosign. Users are advised to upgrade. There are no known workarounds for this issue.	2022-08-04	not yet calculated	CVE-2022-35929 MISC CONFIRM
sigstore — policycontroller	PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (–type defaults to “custom”). An example image that can be used to test this is `ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2`. Users should upgrade to version 0.2.1 to resolve this issue. There are no workarounds for users unable to upgrade.	2022-08-04	not yet calculated	CVE-2022-35930 MISC CONFIRM MISC
simple_e-learning_system — simple_e-learning_system	A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of the argument post_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205615.	2022-08-05	not yet calculated	CVE-2022-2665 MISC
simple_food_ordereing_system — simple_food_ordereing_system	A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input “><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671.	2022-08-05	not yet calculated	CVE-2022-2683 MISC MISC
solana-labs — pay	Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue.	2022-08-01	not yet calculated	CVE-2022-35917 MISC MISC CONFIRM MISC
sonicwall — email_security	Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions	2022-07-29	not yet calculated	CVE-2022-2324 CONFIRM
sonicwall — multiple_products	Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.	2022-07-29	not yet calculated	CVE-2022-22280 CONFIRM
sonicwall — switch	Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions	2022-07-29	not yet calculated	CVE-2022-2323 CONFIRM
sourcegraph — sourcegraph	Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able to read contents of existing code monitors, only override the data. The issue is fixed in Sourcegraph 3.42. There are no workaround for the issue and patching is highly recommended.	2022-08-01	not yet calculated	CVE-2022-31154 CONFIRM MISC
sourcegraph — sourcegraph	Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other usersâ€™ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other usersâ€™ saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended.	2022-08-01	not yet calculated	CVE-2022-31155 MISC CONFIRM
sqlite — sqlite	SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.	2022-08-03	not yet calculated	CVE-2022-35737 MISC MISC
streamlit — streamlit	Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.	2022-08-01	not yet calculated	CVE-2022-35918 CONFIRM MISC
supersmart.me — supersmart.me	Supersmart.me – Walk Through Performing unauthorized actions on other customers. Supersmart.me has a product designed to conduct smart shopping in stores. The customer receives a coder (or using an Android application) to scan at the beginning of the purchase the QR CODE on the cart, and then all the products he wants to purchase. At the end of the purchase the customer can pay independently. During the research it was discovered that it is possible to reset another customer’s cart without verification. Because the number of purchases is serial.	2022-08-05	not yet calculated	CVE-2022-34768 MISC
synology — calendar	Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors.	2022-08-03	not yet calculated	CVE-2022-27617 CONFIRM
synology — diskstation_manager	Improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.	2022-08-03	not yet calculated	CVE-2022-27616 CONFIRM
synology — note_station_client	Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.	2022-08-03	not yet calculated	CVE-2022-27619 CONFIRM
synology — sso_server	Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.	2022-08-03	not yet calculated	CVE-2022-27620 CONFIRM
synology — storage_analyzer	Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.	2022-08-03	not yet calculated	CVE-2022-27618 CONFIRM
synology — usb_copy	Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors.	2022-08-03	not yet calculated	CVE-2022-27621 CONFIRM
tcl — linkhub_mesh_wifi	An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-22140 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the miniupnpd binary.	2022-08-05	not yet calculated	CVE-2022-24017 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the multiWAN binary.	2022-08-05	not yet calculated	CVE-2022-24018 MISC
tcl — linkhub_mesh_wifi	A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-22144 MISC
tcl — linkhub_mesh_wifi	A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-23103 MISC
tcl — linkhub_mesh_wifi	A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-27660 MISC
tcl — linkhub_mesh_wifi	An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-27633 MISC
tcl — linkhub_mesh_wifi	An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-27630 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the ap_steer binary.	2022-08-05	not yet calculated	CVE-2022-24005 MISC
tcl — linkhub_mesh_wifi	A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability leverages the ethAddr field within the protobuf message to cause a buffer overflow.	2022-08-05	not yet calculated	CVE-2022-23918 MISC
tcl — linkhub_mesh_wifi	A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability leverages the name field within the protobuf message to cause a buffer overflow.	2022-08-05	not yet calculated	CVE-2022-23919 MISC
tcl — linkhub_mesh_wifi	A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-23399 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the arpbrocast binary.	2022-08-05	not yet calculated	CVE-2022-24006 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the cfm binary.	2022-08-05	not yet calculated	CVE-2022-24007 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the confcli binary.	2022-08-05	not yet calculated	CVE-2022-24008 MISC
tcl — linkhub_mesh_wifi	An os command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-21178 MISC
tcl — linkhub_mesh_wifi	A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-27178 MISC
tcl — linkhub_mesh_wifi	A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-27185 MISC
tcl — linkhub_mesh_wifi	A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-21201 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the confsrv binary.	2022-08-05	not yet calculated	CVE-2022-24009 MISC
tcl — linkhub_mesh_wifi	A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-26346 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the netctrl binary.	2022-08-05	not yet calculated	CVE-2022-24019 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the pannn binary.	2022-08-05	not yet calculated	CVE-2022-24022 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the libcommonprod.so binary.	2022-08-05	not yet calculated	CVE-2022-24028 MISC
tcl — linkhub_mesh_wifi	A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-26009 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the fota binary.	2022-08-05	not yet calculated	CVE-2022-24012 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the gpio_ctrl binary.	2022-08-05	not yet calculated	CVE-2022-24013 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the logserver binary.	2022-08-05	not yet calculated	CVE-2022-24014 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the log_upload binary.	2022-08-05	not yet calculated	CVE-2022-24015 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the rp-pppoe.so binary.	2022-08-05	not yet calculated	CVE-2022-24029 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the mesh_status_check binary.	2022-08-05	not yet calculated	CVE-2022-24016 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the libcommon.so binary.	2022-08-05	not yet calculated	CVE-2022-24027 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the pppd binary.	2022-08-05	not yet calculated	CVE-2022-24023 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the network_check binary.	2022-08-05	not yet calculated	CVE-2022-24020 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the online_process binary.	2022-08-05	not yet calculated	CVE-2022-24021 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the cwmpd binary.	2022-08-05	not yet calculated	CVE-2022-24010 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the telnet_ate_monitor binary.	2022-08-05	not yet calculated	CVE-2022-24026 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the sntp binary.	2022-08-05	not yet calculated	CVE-2022-24025 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the rtk_ate binary.	2022-08-05	not yet calculated	CVE-2022-24024 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the device_list binary.	2022-08-05	not yet calculated	CVE-2022-24011 MISC
tcl — linkhub_mesh_wifi	A buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-26342 MISC
tcl — linkhub_mesh_wifi	A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.	2022-08-05	not yet calculated	CVE-2022-25996 MISC
teamplus_technology — teamplus_pro	Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application.	2022-08-02	not yet calculated	CVE-2022-35220 MISC
teamplus_technology — teamplus_pro	Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service.	2022-08-02	not yet calculated	CVE-2022-35221 MISC
tem — flex-1085	A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.	2022-08-01	not yet calculated	CVE-2022-2591 MISC
tencent — tscancode	A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script.	2022-08-03	not yet calculated	CVE-2022-35158 MISC
thoughtbot — administrate	Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user’s OAuth autorization code.	2022-08-05	not yet calculated	CVE-2016-3098 MISC
tibco — iway_service_manager	The iWay Service Manager Console component of TIBCO Software Inc.’s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO iWay Service Manager: versions 8.0.6 and below.	2022-08-02	not yet calculated	CVE-2022-30572 CONFIRM CONFIRM
tibco — iway_service_manager	The iWay Service Manager Console component of TIBCO Software Inc.’s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim’s local system. Affected releases are TIBCO Software Inc.’s TIBCO iWay Service Manager: versions 8.0.6 and below.	2022-08-02	not yet calculated	CVE-2022-30571 CONFIRM CONFIRM
tooljet — tooljet	Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.	2022-08-02	not yet calculated	CVE-2022-2631 MISC CONFIRM
totolink — totlink_a3600r_firmware	Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample.	2022-08-04	not yet calculated	CVE-2022-34993 MISC MISC
trend_micro — apex_one_and_worry-free_business_security	A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.	2022-07-30	not yet calculated	CVE-2022-36336 MISC MISC
trend_micro — security	Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine.	2022-07-30	not yet calculated	CVE-2022-35234 MISC MISC
trend_mirco — vpn_proxy_one_pro	Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.	2022-07-30	not yet calculated	CVE-2022-33158 MISC MISC
triplecross — triplecross	TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters.	2022-08-03	not yet calculated	CVE-2022-35506 MISC
triplecross — triplecross	A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command.	2022-08-03	not yet calculated	CVE-2022-35505 MISC
umlaeute — v4l2loopback	Depending on the way the format strings in the card label are crafted it’s possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).	2022-08-04	not yet calculated	CVE-2022-2652 CONFIRM MISC
undertow — undertow	When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow’s AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in “All workers are in error state” and mod_cluster responds “503 Service Unavailable” for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the “retry” timeout passes. However, luckily, mod_proxy_balancer has “forcerecovery” setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding “503 Service Unavailable”. An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.	2022-08-05	not yet calculated	CVE-2022-2053 MISC MISC
unitree — go_1_robotics_platform	Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.	2022-08-05	not yet calculated	CVE-2022-2675 MISC MISC MISC
uniwill — sparkio.sys_driver	The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008.	2022-08-05	not yet calculated	CVE-2022-37415 MISC
vim — vim	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.	2022-08-01	not yet calculated	CVE-2022-2571 MISC CONFIRM
vim — vim	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.	2022-08-01	not yet calculated	CVE-2022-2580 CONFIRM MISC
vim — vim	Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.	2022-08-01	not yet calculated	CVE-2022-2581 CONFIRM MISC
vim — vim	Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100.	2022-08-01	not yet calculated	CVE-2022-2598 MISC CONFIRM
vinchin — backup_and_recovery	This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.	2022-08-03	not yet calculated	CVE-2022-35866 MISC
vmware — multiple_products	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.	2022-08-05	not yet calculated	CVE-2022-31656 MISC
vmware — multiple_products	VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’.	2022-08-05	not yet calculated	CVE-2022-31660 MISC
vmware — multiple_products	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’.	2022-08-05	not yet calculated	CVE-2022-31664 MISC
vmware — multiple_products	VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.	2022-08-05	not yet calculated	CVE-2022-31662 MISC
vmware — multiple_products	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user’s window.	2022-08-05	not yet calculated	CVE-2022-31663 MISC
vmware — multiple_products	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to ‘root’.	2022-08-05	not yet calculated	CVE-2022-31661 MISC
vmware — multiple_products	VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.	2022-08-05	not yet calculated	CVE-2022-31659 MISC
vmware — multiple_products	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.	2022-08-05	not yet calculated	CVE-2022-31658 MISC
vmware — multiple_products	VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.	2022-08-05	not yet calculated	CVE-2022-31657 MISC
vmware — multiple_products	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution.	2022-08-05	not yet calculated	CVE-2022-31665 MISC
web_based_quiz_system — web_based_quiz_system	Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php.	2022-08-02	not yet calculated	CVE-2022-35422 MISC
websockets-rs — rust-websocket	Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When `Vec::with_capacity` fails to allocate, the default Rust allocator will abort the current process, killing all threads. This affects only sync (non-Tokio) implementation. Async version also does not limit memory, but does not use `with_capacity`, so DoS can happen only when bytes for oversized dataframe or message actually got delivered by the attacker. The crashes are fixed in version 0.26.5 by imposing default dataframe size limits. Affected users are advised to update to this version. Users unable to upgrade are advised to filter websocket traffic externally or to only accept trusted traffic.	2022-08-01	not yet calculated	CVE-2022-35922 MISC CONFIRM
wedding_hall_booking_system — wedding_hall_booking_system	A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205814 is the identifier assigned to this vulnerability.	2022-08-06	not yet calculated	CVE-2022-2691 MISC MISC
wedding_hall_booking_system — wedding_hall_booking_system	A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205812.	2022-08-06	not yet calculated	CVE-2022-2689 MISC MISC
wedding_hall_booking_system — wedding_hall_booking_system	A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file /whbs/?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205813 was assigned to this vulnerability.	2022-08-06	not yet calculated	CVE-2022-2690 MISC MISC
wedding_hall_booking_system — wedding_hall_booking_system	A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205815.	2022-08-06	not yet calculated	CVE-2022-2692 MISC MISC
western_digital — sweet_b	When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.	2022-07-29	not yet calculated	CVE-2022-23004 MISC
western_digital — sweet_b	When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.	2022-07-29	not yet calculated	CVE-2022-23003 MISC
western_digital — sweet_b	When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.	2022-07-29	not yet calculated	CVE-2022-23002 MISC
western_digital — sweet_b	When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user’s assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components.	2022-07-29	not yet calculated	CVE-2022-23001 MISC
wordpress — wordpress	The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled.	2022-08-01	not yet calculated	CVE-2022-1906 MISC
wordpress — wordpress	Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.	2022-08-01	not yet calculated	CVE-2022-36343 CONFIRM CONFIRM
wordpress — wordpress	The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.	2022-08-01	not yet calculated	CVE-2022-2171 MISC
wordpress — wordpress	The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.	2022-08-01	not yet calculated	CVE-2022-2170 MISC
wordpress — wordpress	The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection	2022-08-01	not yet calculated	CVE-2022-1950 MISC
wordpress — wordpress	The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting	2022-08-01	not yet calculated	CVE-2022-2181 MISC
wordpress — wordpress	The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.	2022-08-01	not yet calculated	CVE-2022-1600 MISC
wordpress — wordpress	The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server.	2022-08-01	not yet calculated	CVE-2022-2184 MISC
wordpress — wordpress	The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.	2022-08-01	not yet calculated	CVE-2022-1585 MISC
wordpress — wordpress	Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress.	2022-07-29	not yet calculated	CVE-2022-36378 CONFIRM CONFIRM
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.	2022-08-05	not yet calculated	CVE-2022-33201 CONFIRM CONFIRM
wordpress — wordpress	The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)	2022-08-01	not yet calculated	CVE-2022-2215 MISC
wordpress — wordpress	The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.	2022-08-01	not yet calculated	CVE-2022-2273 MISC
wordpress — wordpress	The Login with phone number WordPress plugin through 1.3.7 do not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.	2022-08-01	not yet calculated	CVE-2022-0598 MISC
wordpress — wordpress	The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)	2022-08-01	not yet calculated	CVE-2022-2325 MISC
wordpress — wordpress	The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues	2022-08-01	not yet calculated	CVE-2022-2241 MISC
wordpress — wordpress	The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)	2022-08-01	not yet calculated	CVE-2022-2278 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews.	2022-08-05	not yet calculated	CVE-2021-36861 CONFIRM CONFIRM
wordpress — wordpress	Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.	2022-08-01	not yet calculated	CVE-2022-34154 CONFIRM CONFIRM
wordpress — wordpress	The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)	2022-08-01	not yet calculated	CVE-2022-2305 MISC
wordpress — wordpress	The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter.	2022-08-01	not yet calculated	CVE-2022-2317 MISC
wordpress — wordpress	The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks	2022-08-01	not yet calculated	CVE-2022-2245 MISC
wordpress — wordpress	The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.	2022-08-01	not yet calculated	CVE-2022-2328 MISC
wordpress — wordpress	The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target’s CPU.	2022-08-01	not yet calculated	CVE-2022-2260 MISC
wordpress — wordpress	The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin	2022-08-01	not yet calculated	CVE-2022-2369 MISC
wordpress — wordpress	The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to retrieve them	2022-08-01	not yet calculated	CVE-2022-2370 MISC
wordpress — wordpress	The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed	2022-08-01	not yet calculated	CVE-2022-1324 MISC
wordpress — wordpress	Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress.	2022-08-05	not yet calculated	CVE-2022-25649 CONFIRM CONFIRM
wordpress — wordpress	Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.	2022-08-05	not yet calculated	CVE-2022-36284 CONFIRM CONFIRM
wordpress — wordpress	The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the “Insert from URL” feature. NOTE: the XSS payload does not execute in the context of the WordPress instance’s domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators.	2022-07-30	not yet calculated	CVE-2022-33994 MISC
wordpress — wordpress	Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete.	2022-08-05	not yet calculated	CVE-2022-36296 CONFIRM CONFIRM
xhyve — xhyve	This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056.	2022-08-03	not yet calculated	CVE-2022-35867 MISC
yuba — u5cms	Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code.	2022-08-03	not yet calculated	CVE-2022-34937 MISC
zlib — zlib	zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).	2022-08-05	not yet calculated	CVE-2022-37434 MISC MISC MISC MISC MLIST

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

CISA recently updated an anonymous product survey;they’d welcome your feedback.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

To keep up to date follow us on the below channels.

Tags: threatintel, US-CERT

US-CERT Bulletin (SB22-220):Vulnerability Summary for the Week of August 1, 2022

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Joint Guidance on Deploying AI Systems Securely

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

CISA: Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA: Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

You may have missed

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: Joint Guidance on Deploying AI Systems Securely

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

CISA: Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA: Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400