Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36115 | 1 Ssctech | 1 Blue Prism | 2023-08-08 | N/A | 7.1 HIGH |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An attacker can abuse the CreateProcessAutosave() method to inject their own functionality into a development process. If (upon a warning) a user decides to recover unsaved work by using the last saved version, the malicious code could enter the workflow. Should the process action stages not be fully reviewed before publishing, this could result in the malicious code being run in a production environment. | |||||
| CVE-2022-23235 | 1 Netapp | 1 Active Iq Unified Manager | 2023-08-08 | N/A | 5.3 MEDIUM |
| Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled. | |||||
| CVE-2022-37078 | 1 Totolink | 2 A7000r, A7000r Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg. | |||||
| CVE-2022-36804 | 1 Atlassian | 1 Bitbucket | 2023-08-08 | N/A | 8.8 HIGH |
| Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew. | |||||
| CVE-2022-27812 | 1 Stormshield | 1 Network Security | 2023-08-08 | N/A | 7.5 HIGH |
| Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. | |||||
| CVE-2022-38078 | 1 Sixapart | 1 Movable Type | 2023-08-08 | N/A | 9.8 CRITICAL |
| Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. | |||||
| CVE-2022-35235 | 1 Xplodedthemes | 1 Wpide - File Manager \& Code Editor | 2023-08-08 | N/A | 4.9 MEDIUM |
| Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | |||||
| CVE-2022-33142 | 1 Wordplus | 1 Better Messages | 2023-08-08 | N/A | 6.5 MEDIUM |
| Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | |||||
| CVE-2022-35203 | 1 Trendnet | 2 Tv-ip572pi, Tv-ip572pi Firmware | 2023-08-08 | N/A | 7.2 HIGH |
| An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information. | |||||
| CVE-2022-38668 | 1 Crowcpp | 1 Crow | 2023-08-08 | N/A | 7.5 HIGH |
| HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. | |||||
| CVE-2022-34770 | 1 Tabit | 1 Tabit | 2023-08-08 | N/A | 7.5 HIGH |
| Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API’s, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a ‘tiny URL’ in Tabit’s domain, in the form of https://tbit.be/{suffix} with suffix being a 5 characters long string containing numbers, lower- and upper-case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. This is both an example of OWASP: API4 - rate limiting and OWASP: API1 - Broken object level authorization. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. For example: The URL https://tabitisrael.co.il/online-reservations/health-statement?orgId={org_id}&healthStatementId={health_statement_id} is used to invite friends to fill a health statement before attending the restaurant. We can use the health_statement_id to access the https://tgm-api.tabit.cloud/health-statement/{health_statement_id} API which disclose medical information as well as id number. | |||||
| CVE-2022-38493 | 1 Rhonabwy Project | 1 Rhonabwy | 2023-08-08 | N/A | 7.5 HIGH |
| Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. | |||||
| CVE-2022-36263 | 2 Logitech, Microsoft | 2 Streamlabs Desktop, Windows | 2023-08-08 | N/A | 7.3 HIGH |
| StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file. | |||||
| CVE-2022-1901 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2023-08-08 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | |||||
| CVE-2022-35167 | 1 Prinitix | 1 Cloud Print Management | 2023-08-08 | N/A | 8.8 HIGH |
| Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions. | |||||
| CVE-2022-37770 | 1 Jpeg | 1 Libjpeg | 2023-08-08 | N/A | 6.5 MEDIUM |
| libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2022-37769 | 1 Jpeg | 1 Libjpeg | 2023-08-08 | N/A | 6.5 MEDIUM |
| libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2021-33128 | 1 Intel | 2 Ethernet Controller E810, Ethernet Controller E810 Firmware | 2023-08-08 | N/A | 4.4 MEDIUM |
| Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-33311 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. | |||||
| CVE-2022-32583 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors. | |||||
| CVE-2022-32544 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. | |||||
| CVE-2022-25986 | 1 Cybozu | 1 Office | 2023-08-08 | N/A | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler. | |||||
| CVE-2022-35198 | 1 Contract Management System Project | 1 Contract Managment System | 2023-08-08 | N/A | 7.5 HIGH |
| Contract Management System v2.0 contains a weak default password which gives attackers to access database connection information. | |||||
| CVE-2022-35147 | 1 Html-js | 1 Doracms | 2023-08-08 | N/A | 9.8 CRITICAL |
| DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request. | |||||
| CVE-2022-35122 | 1 Ecowitt | 2 Gw1100, Gw1100 Firmware | 2023-08-08 | N/A | 9.1 CRITICAL |
| An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords. | |||||
| CVE-2021-45454 | 1 Amperecomputing | 4 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 1 more | 2023-08-08 | N/A | 7.5 HIGH |
| Ampere Altra before SRP 1.08b and Altra Max? before SRP 2.05 allow information disclosure of power telemetry via HWmon. | |||||
| CVE-2022-36153 | 1 Monostream | 1 Tifig | 2023-08-08 | N/A | 5.5 MEDIUM |
| tifig v0.2.2 was discovered to contain a segmentation violation via std::vector<unsigned int, std::allocator<unsigned int> >::size() const at /bits/stl_vector.h. | |||||
| CVE-2022-36152 | 1 Monostream | 1 Tifig | 2023-08-08 | N/A | 5.5 MEDIUM |
| tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp. | |||||
| CVE-2022-36151 | 1 Monostream | 1 Tifig | 2023-08-08 | N/A | 5.5 MEDIUM |
| tifig v0.2.2 was discovered to contain a segmentation violation via getType() at /common/bbox.cpp. | |||||
| CVE-2022-35110 | 1 Swftools | 1 Swftools | 2023-08-08 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. | |||||
| CVE-2022-48257 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2023-08-08 | N/A | 5.3 MEDIUM |
| In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. | |||||
| CVE-2022-39184 | 1 Exfo | 2 Bv-10, Bv-10 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass. | |||||
| CVE-2022-39182 | 1 Mingham-smith | 1 Tardis 2000 | 2023-08-08 | N/A | 8.8 HIGH |
| H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges. | |||||
| CVE-2021-46791 | 1 Amd | 2 Milanpi, Milanpi Firmware | 2023-08-08 | N/A | 5.5 MEDIUM |
| Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service. | |||||
| CVE-2021-46779 | 1 Amd | 6 Milanpi, Milanpi Firmware, Naplespi and 3 more | 2023-08-08 | N/A | 7.1 HIGH |
| Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability. | |||||
| CVE-2021-26407 | 1 Amd | 2 Romepi, Romepi Firmware | 2023-08-08 | N/A | 5.5 MEDIUM |
| A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure. | |||||
| CVE-2021-26398 | 1 Amd | 128 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 125 more | 2023-08-08 | N/A | 7.8 HIGH |
| Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution. | |||||
| CVE-2021-26355 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service. | |||||
| CVE-2021-26316 | 1 Amd | 294 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 291 more | 2023-08-08 | N/A | 7.8 HIGH |
| Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution. | |||||
| CVE-2022-36443 | 1 Zebra | 1 Enterprise Home Screen | 2023-08-08 | N/A | 7.8 HIGH |
| An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction. | |||||
| CVE-2022-43540 | 2 Apple, Arubanetworks | 2 Macos, Clearpass Policy Manager | 2023-08-08 | N/A | 5.5 MEDIUM |
| A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2022-43539 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-08-08 | N/A | 4.5 MEDIUM |
| A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that allows for unauthorized actions as a privileged user on the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2022-43538 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-08-08 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2022-43537 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-08-08 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2022-43536 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-08-08 | N/A | 8.8 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2022-48216 | 1 Uniswap | 2 Universal Router, Universal Router Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| Uniswap Universal Router before 1.1.0 mishandles reentrancy. This would have allowed theft of funds. | |||||
| CVE-2022-44425 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-08-08 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | |||||
| CVE-2022-32659 | 2 Mediatek, Thelinuxfoundation | 25 Mt7603, Mt7603 Firmware, Mt7613 and 22 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705066; Issue ID: GN20220705066. | |||||
| CVE-2022-32658 | 1 Mediatek | 20 Mt7603, Mt7603 Firmware, Mt7613 and 17 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059. | |||||
| CVE-2022-32657 | 1 Mediatek | 20 Mt7603, Mt7603 Firmware, Mt7613 and 17 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042. | |||||