Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35917 | 1 Solana | 1 Pay | 2022-08-10 | N/A | 5.3 MEDIUM |
Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue. | |||||
CVE-2021-25979 | 1 Apostrophecms | 1 Apostrophecms | 2022-08-10 | 7.5 HIGH | 9.8 CRITICAL |
Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account in question can be archived (3.x) or moved to the trash (2.x and earlier) which does disable the existing session. | |||||
CVE-2022-28684 | 1 Devexpress | 1 Devexpress | 2022-08-10 | N/A | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710. | |||||
CVE-2022-30319 | 1 Honeywell | 1 Saia Pg5 Controls Suite | 2022-08-10 | N/A | 8.1 HIGH |
Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. It is possible to configure a password in order to restrict access to sensitive engineering functionality. Authentication functions on the basis of a MAC/IP whitelist with inactivity timeout to which an authenticated client's MAC/IP is stored. UDP traffic can be spoofed to bypass the whitelist-based access control. Since UDP is stateless, an attacker capable of passively observing traffic can spoof arbitrary messages using the MAC/IP of an authenticated client. This allows the attacker access to sensitive engineering functionality such as uploading/downloading control logic and manipulating controller configuration. | |||||
CVE-2022-2656 | 1 Multi Language Hotel Management Software Project | 1 Multi Language Hotel Management Software | 2022-08-10 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596. | |||||
CVE-2022-2653 | 1 Planka | 1 Planka | 2022-08-10 | N/A | 6.5 MEDIUM |
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system. | |||||
CVE-2022-2652 | 1 V4l2loopback Project | 1 V4l2loopback | 2022-08-10 | N/A | 6.0 MEDIUM |
Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). | |||||
CVE-2022-35620 | 1 Dlink | 2 Dir-818l, Dir-818l Firmware | 2022-08-10 | N/A | 9.8 CRITICAL |
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main. | |||||
CVE-2022-35619 | 1 Dlink | 2 Dir-818l, Dir-818l Firmware | 2022-08-10 | N/A | 9.8 CRITICAL |
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main. | |||||
CVE-2022-34974 | 1 Dlink | 2 Dir820la1, Dir820la1 Firmware | 2022-08-10 | N/A | 9.8 CRITICAL |
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. | |||||
CVE-2022-34973 | 1 Dlink | 2 Dir820la1, Dir820la1 Firmware | 2022-08-10 | N/A | 7.5 HIGH |
D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. | |||||
CVE-2022-27484 | 1 Fortinet | 1 Fortiadc | 2022-08-10 | N/A | 4.3 MEDIUM |
A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. | |||||
CVE-2022-36447 | 1 Chia | 1 Network Cat1 Standard | 2022-08-10 | N/A | 7.5 HIGH |
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious. | |||||
CVE-2022-33158 | 2 Microsoft, Trendmicro | 2 Windows, Vpn Proxy One Pro | 2022-08-10 | N/A | 7.8 HIGH |
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. | |||||
CVE-2022-30083 | 1 Elliegrid | 1 Elliegrid | 2022-08-10 | N/A | 9.8 CRITICAL |
EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). | |||||
CVE-2021-27785 | 1 Hcltechsw | 1 Hcl Commerce | 2022-08-10 | N/A | 5.0 MEDIUM |
HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. | |||||
CVE-2022-23442 | 1 Fortinet | 1 Fortios | 2022-08-09 | N/A | 4.3 MEDIUM |
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands. | |||||
CVE-2022-36984 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2022-08-09 | N/A | 6.5 MEDIUM |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server. | |||||
CVE-2022-34937 | 1 Yuba | 1 U5cms | 2022-08-09 | N/A | 8.8 HIGH |
Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. | |||||
CVE-2022-36197 | 1 Bigtreecms | 1 Bigtree Cms | 2022-08-09 | N/A | 5.4 MEDIUM |
BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. |