Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2843 | 1 Motopress | 1 Timetable And Event Schedule | 2022-08-17 | N/A | 6.1 MEDIUM |
| A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument post_title with the input <img src=x onerror=alert`2`> leads to cross site scripting. The attack may be launched remotely. VDB-206486 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-39086 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling File Gateway and 3 more | 2022-08-17 | N/A | 5.3 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 215889. | |||||
| CVE-2021-39087 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling B2b Integrator and 3 more | 2022-08-17 | N/A | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109. | |||||
| CVE-2021-39085 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling B2b Integrator and 3 more | 2022-08-17 | N/A | 9.8 CRITICAL |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 215888. | |||||
| CVE-2021-39035 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Sterling B2b Integrator and 3 more | 2022-08-17 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213965. | |||||
| CVE-2022-38216 | 1 Mapbox | 1 Maps Software Development Kit | 2022-08-17 | N/A | 7.5 HIGH |
| An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out of bounds writes, potentially crashing the Mapbox process. | |||||
| CVE-2022-36312 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2022-08-17 | N/A | 8.8 HIGH |
| Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-36311 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2022-08-17 | N/A | 6.1 MEDIUM |
| Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-38221 | 3 Linux, Microsoft, The Isle Evrima Project | 3 Linux Kernel, Windows, The Isle Evrima | 2022-08-17 | N/A | 9.8 CRITICAL |
| A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible RCON port, or possibly execute arbitrary code. | |||||
| CVE-2022-36310 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2022-08-17 | N/A | 8.8 HIGH |
| Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-36309 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2022-08-17 | N/A | 8.8 HIGH |
| Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-35978 | 1 Minetest | 1 Minetest | 2022-08-17 | N/A | 10.0 CRITICAL |
| Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds. | |||||
| CVE-1999-0892 | 1 Netscape | 1 Communicator | 2022-08-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. | |||||
| CVE-2022-36308 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2022-08-17 | N/A | 9.1 CRITICAL |
| Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-36307 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2022-08-17 | N/A | 6.8 MEDIUM |
| The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-35624 | 1 Nordicsemi | 1 Nrf5 Sdk For Mesh | 2022-08-17 | N/A | 8.8 HIGH |
| In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN | |||||
| CVE-2022-22411 | 2 Ibm, Linux | 2 Spectrum Scale Data Access Services, Linux Kernel | 2022-08-17 | N/A | 6.5 MEDIUM |
| IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016. | |||||
| CVE-2022-36306 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2022-08-17 | N/A | 6.5 MEDIUM |
| An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models. | |||||
| CVE-2022-24949 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2022-08-17 | N/A | 7.5 HIGH |
| A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen(). | |||||
| CVE-2022-38359 | 1 Eyeofnetwork | 1 Eyes Of Network Web | 2022-08-17 | N/A | 8.8 HIGH |
| Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link. | |||||