The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2021-33847 | Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | Aug 19, 2022 |
| CVE-2021-33236 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-34033. Reason: This candidate is a duplicate of CVE-2022-34033. Notes: All CVE users should reference CVE-2022-34033 instead of this candidate. | -- | Aug 17, 2022 |
| CVE-2021-33235 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-34035. Reason: This candidate is a duplicate of CVE-2022-34035. Notes: All CVE users should reference CVE-2022-34035 instead of this candidate. | -- | Aug 17, 2022 |
| CVE-2021-33128 | Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access. | -- | Aug 19, 2022 |
| CVE-2021-33126 | Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access. | -- | Aug 19, 2022 |
| CVE-2021-33060 | Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | -- | Aug 19, 2022 |
| CVE-2021-32862 | The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer). | -- | Aug 20, 2022 |
| CVE-2021-30490 | upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation. | -- | Aug 17, 2022 |
| CVE-2021-30070 | An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system\'s package manager. | -- | Aug 19, 2022 |
| CVE-2021-26950 | Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access. | -- | Aug 19, 2022 |
| CVE-2021-26639 | This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system. | -- | Aug 18, 2022 |
| CVE-2021-26257 | Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access. | -- | Aug 19, 2022 |
| CVE-2021-26254 | Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable denial of service via local access. | -- | Aug 19, 2022 |
| CVE-2021-23223 | Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | -- | Aug 19, 2022 |
| CVE-2021-23188 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access. | -- | Aug 19, 2022 |
| CVE-2021-23179 | Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow a privileged user to potentially enable information disclosure via local access. | -- | Aug 19, 2022 |
| CVE-2021-23168 | Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. | -- | Aug 19, 2022 |
| CVE-2020-36599 | lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value. | -- | Aug 19, 2022 |
| CVE-2020-27795 | A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command adf has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn). | -- | Aug 20, 2022 |
| CVE-2020-27794 | A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | -- | Aug 20, 2022 |
| CVE-2020-27793 | An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack. | -- | Aug 20, 2022 |
| CVE-2020-27792 | A heap-based buffer overwrite vulnerability was found in GhostScript\'s lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. | -- | Aug 20, 2022 |
| CVE-2020-27790 | A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability. | -- | Aug 18, 2022 |
| CVE-2020-27788 | An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. | -- | Aug 19, 2022 |
| CVE-2020-27787 | A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. | -- | Aug 18, 2022 |
| CVE-2020-23622 | An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header | -- | Aug 16, 2022 |
| CVE-2020-23466 | Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field. | -- | Aug 19, 2022 |
| CVE-2020-21642 | Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. | -- | Aug 16, 2022 |
| CVE-2020-21641 | Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file. | -- | Aug 16, 2022 |
| CVE-2020-21365 | Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. | -- | Aug 16, 2022 |
| CVE-2020-14379 | A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker\'s configuration files, leading to denial of service and information disclosure. | -- | Aug 17, 2022 |
| CVE-2020-14322 | In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service. | -- | Aug 17, 2022 |
| CVE-2020-14321 | In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. | -- | Aug 17, 2022 |
| CVE-2020-14320 | In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk. | -- | Aug 17, 2022 |
| CVE-2020-10728 | A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | -- | Aug 17, 2022 |
| CVE-2020-10710 | A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password. | -- | Aug 17, 2022 |
| CVE-2020-1756 | In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool. | -- | Aug 17, 2022 |
| CVE-2020-1755 | In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user\'s IP, in order to bypass remote address checks. | -- | Aug 17, 2022 |
| CVE-2022-38183 | In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles. | -- | Aug 12, 2022 |
| CVE-2022-38180 | In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases | -- | Aug 12, 2022 |
| CVE-2022-38179 | JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack | -- | Aug 12, 2022 |
| CVE-2022-38161 | The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA. | -- | Aug 11, 2022 |
| CVE-2022-38155 | TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash. | -- | Aug 11, 2022 |
| CVE-2022-38150 | In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1. | -- | Aug 11, 2022 |
| CVE-2022-38133 | In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases | -- | Aug 12, 2022 |
| CVE-2022-38130 | The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file (i.e., \\\\<attacker-host>\\sms\\<attacker-db.zip>), effectively controlling the content of the database to be restored. | -- | Aug 10, 2022 |
| CVE-2022-38129 | A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host. | -- | Aug 10, 2022 |
| CVE-2022-37423 | Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream. | -- | Aug 12, 2022 |
| CVE-2022-37397 | An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password. | -- | Aug 12, 2022 |
| CVE-2022-37044 | In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim\'s machine. | -- | Aug 12, 2022 |
