Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40306 | 1 Ecisolutions | 1 Printanista Managed Print Service | 2023-08-08 | N/A | 5.9 MEDIUM |
| The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) through 2022-06-27 performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly. | |||||
| CVE-2022-40736 | 1 Axiosys | 1 Bento4 | 2023-08-08 | N/A | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp. | |||||
| CVE-2021-38924 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2023-08-08 | N/A | 7.5 HIGH |
| IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163. | |||||
| CVE-2022-36436 | 1 Osuosl | 1 Twisted Vnc Authentication Proxy | 2023-08-08 | N/A | 9.8 CRITICAL |
| OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server. | |||||
| CVE-2022-38770 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2023-08-08 | N/A | 5.3 MEDIUM |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request. | |||||
| CVE-2022-38769 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2023-08-08 | N/A | 7.5 HIGH |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request. | |||||
| CVE-2022-38768 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2023-08-08 | N/A | 9.8 CRITICAL |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization. | |||||
| CVE-2022-37190 | 1 Cuppacms | 1 Cuppacms | 2023-08-08 | N/A | 8.8 HIGH |
| CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php. | |||||
| CVE-2022-35582 | 1 Pentasecurity | 1 Wapples | 2023-08-08 | N/A | 8.8 HIGH |
| Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control. | |||||
| CVE-2022-38497 | 1 Lief-project | 1 Lief | 2023-08-08 | N/A | 5.5 MEDIUM |
| LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. | |||||
| CVE-2022-38307 | 1 Lief-project | 1 Lief | 2023-08-08 | N/A | 5.5 MEDIUM |
| LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp. | |||||
| CVE-2022-38006 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | N/A | 6.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability | |||||
| CVE-2022-37958 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | N/A | 8.1 HIGH |
| SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | |||||
| CVE-2022-37954 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2023-08-08 | N/A | 7.8 HIGH |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2022-35841 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-08-08 | N/A | 8.8 HIGH |
| Windows Enterprise App Management Service Remote Code Execution Vulnerability | |||||
| CVE-2022-35838 | 1 Microsoft | 2 Windows 11, Windows Server 2022 | 2023-08-08 | N/A | 7.5 HIGH |
| HTTP V3 Denial of Service Vulnerability | |||||
| CVE-2022-35837 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | N/A | 6.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability | |||||
| CVE-2022-35833 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-08-08 | N/A | 7.5 HIGH |
| Windows Secure Channel Denial of Service Vulnerability | |||||
| CVE-2022-36780 | 1 Avdorcis | 1 Crystal Quality | 2023-08-08 | N/A | 5.3 MEDIUM |
| Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number. | |||||
| CVE-2022-35572 | 1 Linksys | 2 E5350, E5350 Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. This web page is visible when remote management is enabled. A user who has access to the web interface of the device can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction. | |||||
| CVE-2022-37734 | 1 Graphql-java Project | 1 Graphql-java | 2023-08-08 | N/A | 7.5 HIGH |
| graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9. | |||||
| CVE-2022-38638 | 1 Casbin | 1 Casdoor | 2023-08-08 | N/A | 9.1 CRITICAL |
| Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. | |||||
| CVE-2021-40647 | 1 Man2html Project | 1 Man2html | 2023-08-08 | N/A | 5.5 MEDIUM |
| In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory. | |||||
| CVE-2022-28741 | 1 Aenrich | 1 A\+hrd | 2023-08-08 | N/A | 8.1 HIGH |
| aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x | |||||
| CVE-2022-40299 | 1 Singular | 1 Singular | 2023-08-08 | N/A | 7.8 HIGH |
| In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language. | |||||
| CVE-2022-38258 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2023-08-08 | N/A | 8.1 HIGH |
| A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. | |||||
| CVE-2022-37857 | 1 Hauk Project | 1 Hauk | 2023-08-08 | N/A | 7.5 HIGH |
| bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default. | |||||
| CVE-2022-37164 | 1 Ontrack Project | 1 Ontrack | 2023-08-08 | N/A | 9.8 CRITICAL |
| Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | |||||
| CVE-2022-37163 | 1 Ihatetobudget Project | 1 Ihatetobudget | 2023-08-08 | N/A | 9.8 CRITICAL |
| Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | |||||
| CVE-2022-22314 | 1 Ibm | 1 Planning Analytics Workspace | 2023-08-08 | N/A | 3.3 LOW |
| IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371. | |||||
| CVE-2022-38400 | 1 Synck | 1 Mailform Pro Cgi | 2023-08-08 | N/A | 5.9 MEDIUM |
| Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL. | |||||
| CVE-2022-37146 | 1 Plextrac | 1 Plextrac | 2023-08-08 | N/A | 5.3 MEDIUM |
| The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider take significantly longer than those for invalid users, allowing for valid users to be enumerated by an unauthenticated remote attacker. Note that the lockout policy implemented in Plextrac version 1.17.0 makes it impossible to distinguish between valid, locked user accounts and user accounts that do not exist, but does not prevent valid, unlocked users from being enumerated. | |||||
| CVE-2022-35513 | 1 Blink1 | 1 Blink1control2 | 2023-08-08 | N/A | 7.5 HIGH |
| The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. | |||||
| CVE-2022-40023 | 2 Debian, Sqlalchemy | 2 Debian Linux, Mako | 2023-08-08 | N/A | 7.5 HIGH |
| Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. | |||||
| CVE-2022-23691 | 1 Arubanetworks | 5 Aos-cx, Cx 10000, Cx 8320 and 2 more | 2023-08-08 | N/A | 6.8 MEDIUM |
| A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | |||||
| CVE-2022-23690 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2023-08-08 | N/A | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further exploitation in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | |||||
| CVE-2022-23689 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2023-08-08 | N/A | 4.3 MEDIUM |
| Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. | |||||
| CVE-2022-23688 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2023-08-08 | N/A | 4.3 MEDIUM |
| Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. | |||||
| CVE-2022-23687 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2023-08-08 | N/A | 4.3 MEDIUM |
| Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. | |||||
| CVE-2022-23686 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2023-08-08 | N/A | 4.3 MEDIUM |
| Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1010 and below, AOS-CX 10.08.xxxx: 10.08.1050 and below, AOS-CX 10.06.xxxx: 10.06.0190 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. | |||||
| CVE-2022-39196 | 1 Blackboard | 1 Blackboard Learn | 2023-08-08 | N/A | 6.5 MEDIUM |
| Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. | |||||
| CVE-2022-34382 | 1 Dell | 3 Alienware Update, Command Update, Update | 2023-08-08 | N/A | 7.8 HIGH |
| Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. | |||||
| CVE-2022-29959 | 1 Emerson | 1 Openbsi | 2023-08-08 | N/A | 5.5 MEDIUM |
| Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism. | |||||
| CVE-2022-33939 | 1 Yokogawa | 14 Centum Cs 3000 Cp31, Centum Cs 3000 Cp31 Firmware, Centum Cs 3000 Cp33 and 11 more | 2023-08-08 | N/A | 7.5 HIGH |
| CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product. | |||||
| CVE-2022-36526 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin. | |||||
| CVE-2022-36524 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2023-08-08 | N/A | 7.5 HIGH |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh. | |||||
| CVE-2022-34294 | 1 Totd Project | 1 Totd | 2023-08-08 | N/A | 9.8 CRITICAL |
| totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks. | |||||
| CVE-2022-38183 | 1 Gitea | 1 Gitea | 2023-08-08 | N/A | 6.5 MEDIUM |
| In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. | |||||
| CVE-2022-2622 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2023-08-08 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | |||||
| CVE-2022-2619 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-08-08 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | |||||