Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-34503 | 1 Qpdf Project | 1 Qpdf | 2022-07-28 | N/A | 6.5 MEDIUM | QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-34550 | 1 Student Information Management System Project | 1 Student Information Management System | 2022-07-28 | N/A | 5.4 MEDIUM | Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter.
CVE-2022-34991 | 1 Techvill | 1 Paymoney | 2022-07-28 | N/A | 5.4 MEDIUM | Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters.
CVE-2021-26384 | 1 Amd | 104 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 101 more | 2022-07-28 | N/A | 7.8 HIGH | A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI, resulting in a potential loss of resources.
CVE-2022-34520 | 1 Radare | 1 Radare2 | 2022-07-28 | N/A | 5.5 MEDIUM | Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.
CVE-2021-26382 | 1 Amd | 70 Ryzen 3 3200u, Ryzen 3 3200u Firmware, Ryzen 3 3250u and 67 more | 2022-07-28 | N/A | 4.4 MEDIUM | An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP), irrespective of whether the signing key is declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.
CVE-2022-34502 | 1 Radare | 1 Radare2 | 2022-07-28 | N/A | 5.5 MEDIUM | Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.
CVE-2022-34501 | 1 Pypi | 1 Pypi | 2022-07-28 | N/A | 9.8 CRITICAL | The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.
CVE-2022-34500 | 1 Pypi | 1 Pypi | 2022-07-28 | N/A | 9.8 CRITICAL | The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party.
CVE-2022-2139 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 9.8 CRITICAL | The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.
CVE-2022-2510 | 1 Hallowelt | 1 Bluespice | 2022-07-28 | N/A | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows an attacker to inject arbitrary HTML (XSS) on the page "Special:SearchCenter", using the search term in the URL.
CVE-2022-35653 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2022-07-28 | N/A | 6.1 MEDIUM | A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, or perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.
CVE-2022-34988 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2022-07-28 | N/A | 5.4 MEDIUM | Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js.
CVE-2022-34037 | 1 Caddyserver | 1 Caddy | 2022-07-28 | N/A | 7.5 HIGH | An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.
CVE-2022-2142 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 5.9 MEDIUM | The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.
CVE-2022-2138 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 7.5 HIGH | The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.
CVE-2022-2137 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 4.9 MEDIUM | The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information.
CVE-2022-2136 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 6.5 MEDIUM | The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
CVE-2022-2135 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 7.5 HIGH | The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.
CVE-2021-45492 | 1 Sage | 1 Sage 300 | 2022-07-28 | N/A | 7.8 HIGH | In Sage 300 ERP (formerly Accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fails to set explicit permissions and therefore inherits weak permissions from the C:\ folder. Because entries in the system-wide PATH variable are included in the search order for DLLs, an attacker could perform DLL search-order hijacking to escalate their privileges to SYSTEM. Furthermore, if the Global Search or Web Screens functionality is enabled, then privilege escalation is possible via the GlobalSearchService and Sage.CNA.WindowsService services, again via DLL search-order hijacking, because unprivileged users would have modify permissions on the application directory. Note that while older versions of the software default to installing in %PROGRAMFILES(X86)% (which would allow the Sage folder to inherit strong permissions, making the installation not vulnerable), the official Sage 300 installation guides for those versions recommend installing in C:\Sage, which would make the installation vulnerable.