Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2871 | 1 Notrinos | 1 Notrinoserp | 2022-08-18 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7. | |||||
CVE-2022-1410 | 1 Device42 | 1 Cmdb | 2022-08-18 | N/A | 8.8 HIGH |
OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions. | |||||
CVE-2022-1400 | 1 Device42 | 1 Cmdb | 2022-08-18 | N/A | 9.8 CRITICAL |
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00. | |||||
CVE-2022-1399 | 1 Device42 | 1 Cmdb | 2022-08-18 | N/A | 9.1 CRITICAL |
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions. | |||||
CVE-2021-42052 | 1 Ipesa | 1 E-flow | 2022-08-18 | N/A | 7.5 HIGH |
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter. | |||||
CVE-2022-37439 | 1 Splunk | 2 Splunk, Universal Forwarder | 2022-08-18 | N/A | 5.5 MEDIUM |
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file. | |||||
CVE-2022-37438 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-08-18 | N/A | 3.5 LOW |
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web. | |||||
CVE-2022-37437 | 1 Splunk | 1 Splunk | 2022-08-18 | N/A | 9.8 CRITICAL |
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions. | |||||
CVE-2022-35175 | 1 Barangay Management System Project | 1 Barangay Management System | 2022-08-18 | N/A | 9.8 CRITICAL |
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php. | |||||
CVE-2022-28755 | 1 Zoom | 2 Virtual Desktop Infrastructure, Zoom | 2022-08-18 | N/A | 6.1 MEDIUM |
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths. | |||||
CVE-2022-34259 | 2 Adobe, Magento | 2 Commerce, Magento | 2022-08-18 | N/A | 5.3 MEDIUM |
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction. | |||||
CVE-2022-34254 | 2 Adobe, Magento | 2 Commerce, Magento | 2022-08-18 | N/A | 8.8 HIGH |
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction. | |||||
CVE-2022-34253 | 2 Adobe, Magento | 2 Commerce, Magento | 2022-08-18 | N/A | 7.2 HIGH |
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue does not require user interaction. | |||||
CVE-2022-28750 | 1 Zoom | 1 Meeting Connector | 2022-08-18 | N/A | 9.8 CRITICAL |
Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code. | |||||
CVE-2022-2662 | 1 Sequi | 2 Portbloque S, Portbloque S Firmware | 2022-08-18 | N/A | 9.8 CRITICAL |
Sequi PortBloque S has an improper authentication issue which may allow an attacker to bypass the authentication process and gain user-level access to the device. | |||||
CVE-2022-2833 | 1 Blender | 1 Blender | 2022-08-18 | N/A | 7.5 HIGH |
Infinite loop in Blender-thumbnailing due to logical bugs. | |||||
CVE-2022-33993 | 1 Domain Name Relay Daemon Project | 1 Domain Name Relay Daemon | 2022-08-18 | N/A | 5.3 MEDIUM |
Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form. | |||||
CVE-2022-33992 | 1 Domain Name Relay Daemon Project | 1 Domain Name Relay Daemon | 2022-08-18 | N/A | 7.5 HIGH |
DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers. | |||||
CVE-2022-28753 | 1 Zoom | 1 Meeting Connector | 2022-08-18 | N/A | 5.4 MEDIUM |
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | |||||
CVE-2022-28754 | 1 Zoom | 1 Meeting Connector | 2022-08-18 | N/A | 5.4 MEDIUM |
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. |