Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37122 | 2022-08-31 | N/A | N/A | ||
| Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. | |||||
| CVE-2022-36035 | 2022-08-31 | N/A | N/A | ||
| Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the improper handling of user-supplied input, which results in a path traversal that can be controlled by the attacker. Users sharing the same shell between other applications and the Flux CLI commands could be affected by this vulnerability. In some scenarios no errors may be presented, which may cause end users not to realize that something is amiss. A safe workaround is to execute Flux CLI in ephemeral and isolated shell environments, which can ensure no persistent values exist from previous processes. However, upgrading to the latest version of the CLI is still the recommended mitigation strategy. | |||||
| CVE-2021-42522 | 1 Gnome | 1 Anjuta | 2022-08-31 | N/A | 7.5 HIGH |
| There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'. | |||||
| CVE-2022-37158 | 1 Iocoder | 1 Ruoyi-vue-pro | 2022-08-31 | N/A | 9.8 CRITICAL |
| RuoYi v3.8.3 has a Weak password vulnerability in the management system. | |||||
| CVE-2022-34960 | 1 Mikrotik | 1 Routeros | 2022-08-31 | N/A | 9.8 CRITICAL |
| The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host. | |||||
| CVE-2022-36226 | 1 Siteservercms Project | 1 Siteservercms | 2022-08-31 | N/A | 7.2 HIGH |
| SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. | |||||
| CVE-2021-43329 | 1 Mumara | 1 Classic | 2022-08-31 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter. | |||||
| CVE-2022-36168 | 1 Wuzhicms | 1 Wuzhicms | 2022-08-31 | N/A | 2.7 LOW |
| A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: | |||||
| CVE-2022-38078 | 1 Sixapart | 1 Movable Type | 2022-08-31 | N/A | 9.8 CRITICAL |
| Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. | |||||
| CVE-2022-37418 | 3 Hyundai, Kia, Nissan | 6 Hyundai, Hyundai Firmware, Kia and 3 more | 2022-08-31 | N/A | 6.4 MEDIUM |
| The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. | |||||
| CVE-2022-37305 | 1 Honda | 2 Honda, Honda Firmware | 2022-08-31 | N/A | 6.4 MEDIUM |
| The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. | |||||
| CVE-2022-36945 | 1 Mazda | 2 Mazda, Mazda Firmware | 2022-08-31 | N/A | 6.4 MEDIUM |
| The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. | |||||
| CVE-2021-39394 | 1 Mm-wiki Project | 1 Mm-wiki | 2022-08-31 | N/A | 6.5 MEDIUM |
| mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. | |||||
| CVE-2021-39393 | 1 Mm-wiki Project | 1 Mm-wiki | 2022-08-31 | N/A | 6.1 MEDIUM |
| mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. | |||||
| CVE-2022-2031 | 1 Samba | 1 Samba | 2022-08-31 | N/A | 8.8 HIGH |
| A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services. | |||||
| CVE-2022-34836 | 1 Abb | 1 Zenon | 2022-08-31 | N/A | 8.2 HIGH |
| Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc. | |||||
| CVE-2022-34256 | 2 Adobe, Magento | 2 Commerce, Magento | 2022-08-31 | N/A | 9.8 CRITICAL |
| Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-30287 | 1 Horde | 1 Groupware | 2022-08-31 | N/A | 8.0 HIGH |
| Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. | |||||
| CVE-2022-33678 | 1 Microsoft | 1 Azure Site Recovery | 2022-08-30 | 6.5 MEDIUM | 7.2 HIGH |
| Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-33676. | |||||
| CVE-2022-33676 | 1 Microsoft | 1 Azure Site Recovery | 2022-08-30 | 6.5 MEDIUM | 7.2 HIGH |
| Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-33678. | |||||