Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2032 | 1 Pandorafms | 1 Pandora Fms | 2022-08-02 | N/A | 4.8 MEDIUM |
| In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | |||||
| CVE-2022-2059 | 1 Pandorafms | 1 Pandora Fms | 2022-08-02 | N/A | 4.8 MEDIUM |
| In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | |||||
| CVE-2022-34962 | 1 Openteknik | 1 Open Source Social Network | 2022-08-02 | N/A | 5.4 MEDIUM |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module. | |||||
| CVE-2022-35284 | 1 Ibm | 1 Security Verify Information Queue | 2022-08-02 | N/A | 7.5 HIGH |
| IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811. | |||||
| CVE-2022-32959 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2022-08-02 | N/A | 6.8 MEDIUM |
| HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | |||||
| CVE-2021-40335 | 1 Abb | 2 Modular Switchgear Monitoring, Modular Switchgear Monitoring Firmware | 2022-08-02 | N/A | 8.8 HIGH |
| A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions. | |||||
| CVE-2021-43959 | 1 Atlassian | 2 Jira Service Desk, Jira Service Management | 2022-08-02 | N/A | 5.7 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2. | |||||
| CVE-2021-33450 | 1 Nasm | 1 Netwide Assembler | 2022-08-02 | N/A | 5.5 MEDIUM |
| An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c. | |||||
| CVE-2021-33452 | 1 Nasm | 1 Netwide Assembler | 2022-08-02 | N/A | 5.5 MEDIUM |
| An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c. | |||||
| CVE-2021-33453 | 1 Long Range Zip Project | 1 Long Range Zip | 2022-08-02 | N/A | 7.8 HIGH |
| An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538. | |||||
| CVE-2021-40336 | 1 Abb | 2 Modular Switchgear Monitoring, Modular Switchgear Monitoring Firmware | 2022-08-02 | N/A | 8.8 HIGH |
| A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions. | |||||
| CVE-2022-31471 | 1 Untangle Project | 1 Untangle | 2022-08-01 | N/A | 7.5 HIGH |
| untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files. | |||||
| CVE-2022-22999 | 1 Westerndigital | 16 My Cloud Dl2100, My Cloud Dl2100 Firmware, My Cloud Dl4100 and 13 more | 2022-08-01 | N/A | 4.8 MEDIUM |
| Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components. | |||||
| CVE-2022-33969 | 1 Oxilab | 1 Flipbox | 2022-08-01 | N/A | 7.2 HIGH |
| Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress. | |||||
| CVE-2022-34965 | 1 Openteknik | 1 Open Source Social Network | 2022-08-01 | N/A | 7.2 HIGH |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-2131 | 1 Openkm | 1 Openkm | 2022-08-01 | N/A | 9.8 CRITICAL |
| OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection attack. | |||||
| CVE-2022-35650 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2022-08-01 | N/A | 7.5 HIGH |
| The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. | |||||
| CVE-2022-35649 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2022-08-01 | N/A | 9.8 CRITICAL |
| The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. | |||||
| CVE-2022-24083 | 1 Pega | 1 Infinity | 2022-08-01 | N/A | 9.8 CRITICAL |
| Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. | |||||
| CVE-2022-35652 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2022-08-01 | N/A | 6.1 MEDIUM |
| An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. | |||||