Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41031 | 1 Fortinet | 1 Forticlient | 2022-07-25 | N/A | 7.8 HIGH |
| A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service. | |||||
| CVE-2022-23438 | 1 Fortinet | 1 Fortios | 2022-07-25 | N/A | 6.1 MEDIUM |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. | |||||
| CVE-2022-26118 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2022-07-25 | N/A | 6.7 MEDIUM |
| A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. | |||||
| CVE-2022-26120 | 1 Fortinet | 1 Fortiadc | 2022-07-25 | N/A | 8.8 HIGH |
| Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2022-35648 | 1 Nautilus | 4 T616, T616 Firmware, T618 and 1 more | 2022-07-25 | 2.1 LOW | 2.4 LOW |
| Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service (fall) by connecting the power cord to a 120V circuit (which may lead to self-starting at an inopportune time). | |||||
| CVE-2022-27910 | 1 Joomlatools | 1 Docman | 2022-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most versions below)' are affected to an reflected Cross-Site Scripting (XSS) in an image upload function | |||||
| CVE-2021-3149 | 1 Netshieldcorp | 2 Nano 25, Nano 25 Firmware | 2022-07-25 | 9.0 HIGH | 7.2 HIGH |
| On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely. | |||||
| CVE-2021-29063 | 2 Fedoraproject, Mpmath | 2 Fedora, Mpmath | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called. | |||||
| CVE-2022-20222 | 1 Google | 1 Android | 2022-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-228078096 | |||||
| CVE-2022-20221 | 1 Google | 1 Android | 2022-07-25 | 3.3 LOW | 6.5 MEDIUM |
| In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205571133 | |||||
| CVE-2022-20220 | 1 Google | 1 Android | 2022-07-25 | 7.2 HIGH | 7.8 HIGH |
| In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-219015884 | |||||
| CVE-2022-0209 | 1 Facebook-wall-and-social-integration Project | 1 Facebook-wall-and-social-integration | 2022-07-25 | 3.5 LOW | 4.8 MEDIUM |
| The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-20228 | 1 Google | 1 Android | 2022-07-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213850092 | |||||
| CVE-2022-20236 | 1 Google | 1 Android | 2022-07-25 | 7.8 HIGH | 7.5 HIGH |
| A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709 | |||||
| CVE-2022-32114 | 1 Strapi | 1 Strapi | 2022-07-25 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2020-21967 | 1 Prestashop | 1 Prestashop | 2022-07-25 | 3.5 LOW | 4.8 MEDIUM |
| File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page. | |||||
| CVE-2020-10930 | 1 Netgear | 2 R6700, R6700 Firmware | 2022-07-25 | 3.3 LOW | 6.5 MEDIUM |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618. | |||||
| CVE-2020-1765 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2022-07-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | |||||
| CVE-2020-1690 | 1 Redhat | 2 Openstack-selinux, Openstack Platform | 2022-07-25 | 4.9 MEDIUM | 6.5 MEDIUM |
| An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected. | |||||
| CVE-2020-14388 | 1 Redhat | 1 3scale Api Management | 2022-07-25 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission. | |||||