Total
2906 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25812 | 1 Transposh | 1 Transposh Wordpress Translation | 2022-08-24 | N/A | 7.2 HIGH |
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow high privilege users such as admin to perform RCE | |||||
CVE-2021-1585 | 1 Cisco | 1 Adaptive Security Device Manager | 2022-08-19 | 9.3 HIGH | 8.1 HIGH |
A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM. | |||||
CVE-2022-36216 | 1 Dedecms | 1 Dedecms | 2022-08-18 | N/A | 7.2 HIGH |
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. | |||||
CVE-2022-36215 | 1 Dedebiz | 1 Dedecmsv6 | 2022-08-18 | N/A | 7.2 HIGH |
DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php. | |||||
CVE-2022-35516 | 1 Dedecms | 1 Dedecms | 2022-08-18 | N/A | 9.8 CRITICAL |
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. | |||||
CVE-1999-0509 | | | 2022-08-16 | 10.0 HIGH | N/A |
Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. | |||||
CVE-2022-36262 | 1 Taogogo | 1 Taocms | 2022-08-16 | N/A | 9.8 CRITICAL |
An issue was discovered in taocms 3.0.2 in the website settings that allows arbitrary PHP code to be injected by modifying config.php. | |||||
CVE-2022-2354 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2022-08-16 | N/A | 7.2 HIGH |
The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. | |||||
CVE-2022-36006 | 1 Arvados | 1 Arvados | 2022-08-16 | N/A | 8.8 HIGH |
Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This exists in all versions up to 2.4.1 and is fixed in 2.4.2. This vulnerability is specific to the Ruby on Rails Workbench application (“Workbench 1”). We do not believe any other Arvados components, including the TypeScript browser-based Workbench application (“Workbench 2”) or API Server, are vulnerable to this attack. For versions of Arvados earlier than 2.4.2: remove the Ruby-based "Workbench 1" app ("apt-get remove arvados-workbench") from your installation as a workaround. | |||||
CVE-2017-7494 | 2 Debian, Samba | 2 Debian Linux, Samba | 2022-08-16 | 10.0 HIGH | 9.8 CRITICAL |
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. | |||||
CVE-2022-30580 | 1 Golang | 1 Go | 2022-08-12 | N/A | 7.8 HIGH |
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. | |||||
CVE-2022-35766 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-08-12 | N/A | 8.1 HIGH |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34702, CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35767, CVE-2022-35794. | |||||
CVE-2022-35772 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2022-08-12 | N/A | 7.2 HIGH |
Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35824. | |||||
CVE-2022-35777 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2022-08-12 | N/A | 8.8 HIGH |
Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35825, CVE-2022-35826, CVE-2022-35827. | |||||
CVE-2022-35773 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2022-08-12 | N/A | 7.8 HIGH |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-30176, CVE-2022-34687, CVE-2022-35779, CVE-2022-35806. | |||||
CVE-2022-35779 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2022-08-12 | N/A | 7.8 HIGH |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30175, CVE-2022-30176, CVE-2022-34687, CVE-2022-35773, CVE-2022-35806. | |||||
CVE-2022-30083 | 1 Elliegrid | 1 Elliegrid | 2022-08-10 | N/A | 9.8 CRITICAL |
EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). | |||||
CVE-2021-3725 | 1 Planetargon | 1 Oh My Zsh | 2022-08-09 | 6.8 MEDIUM | 8.8 HIGH |
Vulnerability in dirhistory plugin. Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: functions pop_past and pop_future in dirhistory plugin. | |||||
CVE-2009-1698 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2022-08-09 | 9.3 HIGH | N/A |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
CVE-2021-43837 | 1 Vault-cli Project | 1 Vault-cli | 2022-08-09 | 9.0 HIGH | 9.1 CRITICAL |
vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a powerful templating engine and is not designed to safely render arbitrary templates. An attacker controlling a jinja2 template rendered on a machine can trigger arbitrary code, making this a Remote Code Execution (RCE) risk. If the content of the vault can be completely trusted, then this is not a problem. Otherwise, if your threat model includes cases where an attacker can manipulate a secret value read from the vault using vault-cli, then this vulnerability may impact you. In 3.0.0, the code related to interpreting vault templated secrets has been removed entirely. Users are advised to upgrade as soon as possible. For users unable to upgrade a workaround does exist. Using the environment variable `VAULT_CLI_RENDER=false` or the flag `--no-render` (placed between `vault-cli` and the subcommand, e.g. `vault-cli --no-render get-all`) or adding `render: false` to the vault-cli configuration yaml file disables rendering and removes the vulnerability. Using the python library, you can use: `vault_cli.get_client(render=False)` when creating your client to get a client that will not render templated secrets and thus operates securely. |