Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2770 | 1 Simple Online Book Store System Project | 1 Simple Online Book Store System | 2022-08-15 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System. Affected is an unknown function of the file /obs/book.php. The manipulation of the argument bookisbn leads to SQL injection. It is possible to launch the attack remotely. VDB-206166 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2777 | 1 Microweber | 1 Microweber | 2022-08-15 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1. | |||||
CVE-2022-2774 | 1 Library Management System Project | 1 Library Management System | 2022-08-15 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Library Management System. It has been declared as critical. This vulnerability affects unknown code of the file librarian/student.php. The manipulation of the argument title leads to SQL injection. The attack can be initiated remotely. VDB-206170 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2776 | 1 Gym Management System Project | 1 Gym Management System | 2022-08-15 | N/A | 5.3 MEDIUM |
A vulnerability classified as problematic has been found in SourceCodester Gym Management System. Affected is an unknown function of the file delete_user.php. The manipulation of the argument delete_user leads to denial of service. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-206172. | |||||
CVE-2021-46304 | 1 Siemens | 8 Cp-8000 Master Module With I/o -25/+70, Cp-8000 Master Module With I/o -25/+70 Firmware, Cp-8000 Master Module With I/o -40/+70 and 5 more | 2022-08-15 | N/A | 7.5 HIGH |
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows activation of a web server module that provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component, such as internal network topology or connected systems. | |||||
CVE-2022-2772 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2022-08-15 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Apartment Visitor Management System and classified as critical. Affected by this issue is some unknown functionality of the file action-visitor.php. The manipulation of the argument editid/remark leads to SQL injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-206168. | |||||
CVE-2022-2773 | 1 Apartment Visitors Management System Project | 1 Apartment Visitors Management System | 2022-08-15 | N/A | 6.1 MEDIUM |
A vulnerability was found in SourceCodester Apartment Visitor Management System. It has been classified as problematic. This affects an unknown part of the file profile.php. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely. The identifier VDB-206169 was assigned to this vulnerability. | |||||
CVE-2022-20866 | 1 Cisco | 34 Adaptive Security Appliance Software, Asa 5506-x, Asa 5506h-x and 31 more | 2022-08-15 | N/A | 7.5 HIGH |
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vulnerable to the potential leak of the RSA private key. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. See the Indicators of Compromise section for more information on the detection of this type of RSA key. The RSA key could be malformed and invalid. A malformed RSA key is not functional, and a TLS client connection to a device that is running Cisco ASA Software or Cisco FTD Software that uses the malformed RSA key will result in a TLS signature failure, which means a vulnerable software release created an invalid RSA signature that failed verification. If an attacker obtains the RSA private key, they could use the key to impersonate a device that is running Cisco ASA Software or Cisco FTD Software or to decrypt the device traffic. | |||||
CVE-2022-37002 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-08-15 | N/A | 9.8 CRITICAL |
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background. | |||||
CVE-2022-37001 | 1 Huawei | 1 Harmonyos | 2022-08-15 | N/A | 7.5 HIGH |
The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash. | |||||
CVE-2022-37003 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-08-15 | N/A | 9.8 CRITICAL |
The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files. | |||||
CVE-2022-37005 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-08-15 | N/A | 7.5 HIGH |
The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-37004 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-08-15 | N/A | 7.5 HIGH |
The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability. | |||||
CVE-2022-37007 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-08-15 | N/A | 7.5 HIGH |
The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability. | |||||
CVE-2022-37008 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-08-15 | N/A | 7.5 HIGH |
The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability. | |||||
CVE-2022-35794 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-08-15 | N/A | 8.1 HIGH |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34702, CVE-2022-34714, CVE-2022-35745, CVE-2022-35752, CVE-2022-35753, CVE-2022-35766, CVE-2022-35767. | |||||
CVE-2022-38129 | 1 Keysight | 1 Sensor Management Server | 2022-08-15 | N/A | 9.8 CRITICAL |
A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host. | |||||
CVE-2022-38130 | 1 Keysight | 1 Sensor Management Server | 2022-08-15 | N/A | 9.8 CRITICAL |
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify a UNC path for the database file (i.e., \\<attacker-host>\sms\<attacker-db.zip>), effectively controlling the content of the database to be restored. | |||||
CVE-2022-38155 | 1 Samsung | 1 Mtower | 2022-08-15 | N/A | 7.5 HIGH |
TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash. | |||||
CVE-2022-2736 | 1 Company Website Cms Project | 1 Company Website Cms | 2022-08-15 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Company Website CMS. It has been classified as critical. This affects an unknown part of the file /dashboard/updatelogo.php of the component Background Upload Logo Icon. The manipulation of the argument xfile/ufile leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-205881 was assigned to this vulnerability. |