Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34067 | 1 Warehouse Management System Project | 1 Warehouse Management System | 2022-08-01 | N/A | 7.5 HIGH |
Warehouse Management System v1.0 was discovered to contain a SQL injection vulnerability via the cari parameter. | |||||
CVE-2022-31879 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-08-01 | N/A | 8.8 HIGH |
Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter. | |||||
CVE-2022-22686 | 1 Synology | 1 Calendar | 2022-08-01 | N/A | 8.0 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors. | |||||
CVE-2021-25682 | 1 Canonical | 1 Apport | 2022-08-01 | 7.2 HIGH | 7.8 HIGH |
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. | |||||
CVE-2021-26313 | 6 Amd, Arm, Broadcom and 3 more | 11 Ryzen 5 5600x, Ryzen 7 2700x, Ryzen Threadripper 2990wx and 8 more | 2022-08-01 | 2.1 LOW | 5.5 MEDIUM |
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. | |||||
CVE-2020-28443 | 1 Sonar-wrapper Project | 1 Sonar-wrapper | 2022-08-01 | N/A | 9.8 CRITICAL |
This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. | |||||
CVE-2021-26118 | 2 Apache, Netapp | 2 Activemq Artemis, Oncommand Workflow Automation | 2022-08-01 | 5.0 MEDIUM | 7.5 HIGH |
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. | |||||
CVE-2020-28441 | 1 Conf-cfg-ini Project | 1 Conf-cfg-ini | 2022-08-01 | N/A | 9.8 CRITICAL |
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context. | |||||
CVE-2021-26262 | 1 Philips | 4 Mri 1.5t, Mri 1.5t Firmware, Mri 3t and 1 more | 2022-08-01 | 5.0 MEDIUM | 5.5 MEDIUM |
Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |||||
CVE-2021-25955 | 1 Dolibarr | 1 Dolibarr | 2022-08-01 | 3.5 LOW | 9.0 CRITICAL |
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account takeover of the admin and due to other vulnerability (Improper Access Control on Private notes) a low privileged user can update the private notes which could lead to privilege escalation. | |||||
CVE-2022-35131 | 1 Joplinapp | 1 Joplin | 2022-08-01 | N/A | 9.0 CRITICAL |
Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. | |||||
CVE-2021-25654 | 1 Avaya | 1 Aura Device Services | 2022-08-01 | 4.6 MEDIUM | 7.8 HIGH |
An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services. | |||||
CVE-2022-36375 | 1 Oxilab | 1 Responsive Tabs | 2022-08-01 | N/A | 7.2 HIGH |
Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. | |||||
CVE-2021-26253 | 1 Splunk | 1 Splunk | 2022-08-01 | 6.8 MEDIUM | 8.1 HIGH |
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service. | |||||
CVE-2022-35288 | 1 Ibm | 1 Security Verify Information Queue | 2022-08-01 | N/A | 6.5 MEDIUM |
IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818. | |||||
CVE-2021-25973 | 1 Publify Project | 1 Publify | 2022-08-01 | 6.4 MEDIUM | 6.5 MEDIUM |
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only. | |||||
CVE-2022-35287 | 1 Ibm | 1 Security Verify Information Queue | 2022-08-01 | N/A | 7.5 HIGH |
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817. | |||||
CVE-2021-25490 | 1 Google | 1 Android | 2022-08-01 | 3.6 LOW | 6.0 MEDIUM |
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process. | |||||
CVE-2021-25504 | 1 Samsung | 1 Group Sharing | 2022-08-01 | 2.1 LOW | 4.0 MEDIUM |
Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information. | |||||
CVE-2021-25500 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2022-08-01 | 2.1 LOW | 4.4 MEDIUM |
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. |