Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35656 | 1 Pega | 1 Pega Platform | 2022-08-23 | N/A | 4.5 MEDIUM |
A vulnerability in Pega Platform from 8.3 to 8.7.3 may allow authenticated security administrators to alter CSRF settings directly. | |||||
CVE-2022-35654 | 1 Pega | 1 Pega Platform | 2022-08-23 | N/A | 6.1 MEDIUM |
Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | |||||
CVE-2022-35201 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-08-23 | N/A | 9.8 CRITICAL |
Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. | |||||
CVE-2022-36251 | 1 Clinic's Patient Management System Project | 1 Clinic's Patient Management System | 2022-08-23 | N/A | 6.1 MEDIUM |
Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. | |||||
CVE-2022-36198 | 1 Bus Pass Management System Project | 1 Bus Pass Management System | 2022-08-23 | N/A | 9.8 CRITICAL |
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php. | |||||
CVE-2022-35655 | 1 Pega | 1 Pega Platform | 2022-08-23 | N/A | 6.1 MEDIUM |
Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. | |||||
CVE-2021-3894 | | | 2022-08-23 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2021-3771 | | | 2022-08-23 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2021-3724 | | | 2022-08-23 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2021-23161 | | | 2022-08-23 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2021-23156 | | | 2022-08-23 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2022-2885 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-08-23 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-2921 | 1 Notrinos | 1 Notrinoserp | 2022-08-23 | N/A | 8.8 HIGH |
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions. | |||||
CVE-2022-23460 | 1 Json++ Project | 1 Json++ | 2022-08-23 | N/A | 7.5 HIGH |
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement. | |||||
CVE-2022-23459 | 1 Json++ Project | 1 Json++ | 2022-08-23 | N/A | 9.8 CRITICAL |
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement. | |||||
CVE-2022-36344 | 1 Justsystems | 60 Atok Medical 2, Atok Medical 3, Atok Pro 3 and 57 more | 2022-08-23 | N/A | 9.8 CRITICAL |
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. | |||||
CVE-2020-27790 | 1 Upx Project | 1 Upx | 2022-08-23 | N/A | 5.5 MEDIUM |
A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability. | |||||
CVE-2022-35976 | 1 Weave | 1 Gitops Tools | 2022-08-23 | N/A | 9.8 CRITICAL |
The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. A specially crafted kubeconfig leads to arbitrary code execution on behalf of the user running VSCode. Users relying on kubeconfigs that are generated or altered by other processes or users are affected by this issue. Please note that the vulnerability is specific to this extension, and the same kubeconfig would not result in arbitrary code execution when used with kubectl. Using only trustworthy kubeconfigs is a safe mitigation. However, updating to the latest version of the extension is still highly recommended. | |||||
CVE-2022-36263 | 2 Logitech, Microsoft | 2 Streamlabs Desktop, Windows | 2022-08-23 | N/A | 7.3 HIGH |
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file. | |||||
CVE-2022-0542 | 1 Chatwoot | 1 Chatwoot | 2022-08-23 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. |