Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2409 | 1 Rough Chart Project | 1 Rough Chart | 2022-08-11 | N/A | 4.8 MEDIUM |
The Rough Chart WordPress plugin through 1.0.0 does not properly escape the chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-2410 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2022-08-11 | N/A | 4.8 MEDIUM |
The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup). | |||||
CVE-2022-2411 | 1 Auto More Tag Project | 1 Auto More Tag | 2022-08-11 | N/A | 4.8 MEDIUM |
The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup). | |||||
CVE-2022-33722 | 1 Google | 1 Android | 2022-08-11 | N/A | 3.3 LOW |
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows an attacker to access the connected device's MAC address. | |||||
CVE-2022-33716 | 1 Google | 1 Android | 2022-08-11 | N/A | 4.4 MEDIUM |
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows a local attacker to read uninitialized memory. | |||||
CVE-2022-2674 | 1 Best Fee Management System Project | 1 Best Fee Management System | 2022-08-11 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205658 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2673 | 1 Rigatur | 1 Online Booking And Hotel Management System | 2022-08-11 | N/A | 8.8 HIGH |
A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability. | |||||
CVE-2022-2672 | 1 Garage Management System Project | 1 Garage Management System | 2022-08-11 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656. | |||||
CVE-2022-2671 | 1 Garage Management System Project | 1 Garage Management System | 2022-08-11 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Garage Management System and classified as critical. This issue affects some unknown processing of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205655. | |||||
CVE-2022-2667 | 1 Loan Management System Project | 1 Loan Management System | 2022-08-11 | N/A | 8.8 HIGH |
A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619. | |||||
CVE-2022-2665 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2022-08-11 | N/A | 8.8 HIGH |
A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of the argument post_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205615. | |||||
CVE-2022-2664 | 1 Private Cloud Management Platform Project | 1 Private Cloud Management Platform | 2022-08-11 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability. | |||||
CVE-2022-28391 | 1 Busybox | 1 Busybox | 2022-08-11 | 6.8 MEDIUM | 8.8 HIGH |
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. | |||||
CVE-2022-29071 | 1 Arista | 1 Cloudvision Portal | 2022-08-11 | N/A | 5.5 MEDIUM |
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users. | |||||
CVE-2022-37416 | 1 Ittiam | 1 Libmpeg2 | 2022-08-11 | N/A | 6.5 MEDIUM |
Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8. | |||||
CVE-2022-21186 | 1 Acrontum | 1 Filesystem-template | 2022-08-11 | N/A | 9.8 CRITICAL |
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. | |||||
CVE-2022-37415 | 1 Uniwill | 1 Sparkio.sys | 2022-08-11 | N/A | 7.8 HIGH |
The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008. | |||||
CVE-2022-35930 | 1 Sigstore | 1 Policy Controller | 2022-08-11 | N/A | 8.8 HIGH |
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to "custom"). An example image that can be used to test this is `ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2`. Users should upgrade to version 0.2.1 to resolve this issue. There are no workarounds for users unable to upgrade. | |||||
CVE-2022-2367 | 1 Wsm Downloader Project | 1 Wsm Downloader | 2022-08-11 | N/A | 7.5 HIGH |
The WSM Downloader WordPress plugin through 1.4.0 allows downloading images/files only from specific popular websites; this restriction can be bypassed due to the lack of good "link" parameter validation. | |||||
CVE-2022-2668 | 1 Redhat | 2 Keycloak, Single Sign-on | 2022-08-11 | N/A | 7.2 HIGH |
An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. |