Total: 210374 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2679 | 1 Interview Management System Project | 1 Interview Management System | 2022-08-10 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667. | |||||
| CVE-2022-37035 | 1 Frrouting | 1 Frrouting | 2022-08-10 | N/A | 8.1 HIGH |
| An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. | |||||
| CVE-2022-36296 | 1 Jumpdemand | 1 Activedemand | 2022-08-10 | N/A | 5.3 MEDIUM |
| Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete. | |||||
| CVE-2022-36284 | 1 Storeapps | 1 Affiliate For Woocommerce | 2022-08-10 | N/A | 6.5 MEDIUM |
| Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page. | |||||
| CVE-2022-35143 | 1 Raneto Project | 1 Raneto | 2022-08-10 | N/A | 9.8 CRITICAL |
| Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. | |||||
| CVE-2022-35921 | 1 Friendsofflarum | 1 Byobu | 2022-08-10 | N/A | 4.3 MEDIUM |
| fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum's users and choose to disable the extension if needed. There are no workarounds for this issue. | |||||
| CVE-2022-35219 | 2 Microsoft, Nhi | 2 Windows, Health Insurance Web Service Component | 2022-08-10 | N/A | 5.5 MEDIUM |
| The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | |||||
| CVE-2022-35218 | 2 Microsoft, Nhi | 2 Windows, Health Insurance Web Service Component | 2022-08-10 | N/A | 5.5 MEDIUM |
| The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | |||||
| CVE-2022-35217 | 2 Microsoft, Nhi | 2 Windows, Health Insurance Web Service Component | 2022-08-10 | N/A | 7.8 HIGH |
| The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. | |||||
| CVE-2022-35142 | 1 Raneto Project | 1 Raneto | 2022-08-10 | N/A | 7.5 HIGH |
| An issue in Raneto v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. | |||||
| CVE-2022-35919 | 1 Minio | 1 Minio | 2022-08-10 | N/A | 2.7 LOW |
| MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies. | |||||
| CVE-2022-25867 | 1 Socket | 1 Socket.io-client Java | 2022-08-10 | N/A | 7.5 HIGH |
| The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with an invalid payload format. | |||||
| CVE-2022-2647 | 1 Jeecg | 1 Jeecg Boot | 2022-08-10 | N/A | 9.8 CRITICAL |
| A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-27616 | 1 Synology | 1 Diskstation Manager | 2022-08-10 | N/A | 7.2 HIGH |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2022-34158 | 1 Apache | 1 Jspwiki | 2022-08-10 | N/A | 8.8 HIGH |
| A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then trigger a password reset request from the login page. | |||||
| CVE-2022-28731 | 1 Apache | 1 Jspwiki | 2022-08-10 | N/A | 6.5 MEDIUM |
| A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then trigger a password reset request from the login page. | |||||
| CVE-2022-28732 | 1 Apache | 1 Jspwiki | 2022-08-10 | N/A | 6.1 MEDIUM |
| A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and obtain sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later. | |||||
| CVE-2022-28730 | 1 Apache | 1 Jspwiki | 2022-08-10 | N/A | 6.1 MEDIUM |
| A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and obtain sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete, as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later. | |||||
| CVE-2022-27166 | 1 Apache | 1 Jspwiki | 2022-08-10 | N/A | 6.1 MEDIUM |
| A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute JavaScript in the victim's browser and obtain sensitive information about the victim. | |||||
| CVE-2022-35506 | 1 Triplecross Project | 1 Triplecross | 2022-08-10 | N/A | 7.5 HIGH |
| TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters. | |||||
