The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-33208 | Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software \'Sysmac Studio\' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software \'Sysmac Studio\' and/or a Programmable Terminal (PT) to access the controller. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-33098 | Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | MEDIUM | Jul 7, 2022 | n/a |
CVE-2022-33011 | Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack. | MEDIUM | Jul 8, 2022 | n/a |
CVE-2022-32441 | A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056. | MEDIUM | Jul 7, 2022 | n/a |
CVE-2022-32115 | An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file. | MEDIUM | Jul 8, 2022 | n/a |
CVE-2022-32055 | Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals. | MEDIUM | Jul 7, 2022 | n/a |
CVE-2022-31854 | Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. | MEDIUM | Jul 7, 2022 | n/a |
CVE-2022-31770 | IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-31136 | Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue. | MEDIUM | Jul 7, 2022 | n/a |
CVE-2022-31131 | Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull request](https://github.com/nextcloud/mail/pull/6600) * [HackerOne](https://hackerone.com/reports/1579820) ### For more information If you have any questions or comments about this advisory: * Create a post in [nextcloud/security-advisories](https://github.com/nextcloud/security-advisories/discussions) * Customers: Open a support ticket at [support.nextcloud.com](https://support.nextcloud.com) | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-31129 | moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. | MEDIUM | Jul 8, 2022 | n/a |
CVE-2022-31127 | NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail [signin endpoint](https://next-auth.js.org/getting-started/rest-api#post-apiauthsigninprovider) that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.: `balazs@email.com, <a href=http://attacker.com>Before signing in, claim your money!</a>`. This was previously sent to `balazs@email.com`, and the content of the email containing a link to the attacker\'s site was rendered in the HTML. This has been remedied in the following releases, by simply not rendering that e-mail in the HTML, since it should be obvious to the receiver what e-mail they used: next-auth v3 users before version 3.29.8 are impacted. (We recommend upgrading to v4, as v3 is considered unmaintained. next-auth v4 users before version 4.9.0 are impacted. If for some reason you cannot upgrade, the workaround requires you to sanitize the `email` parameter that is passed to `sendVerificationRequest` and rendered in the HTML. If you haven\'t created a custom `sendVerificationRequest`, you only need to upgrade. Otherwise, make sure to either exclude `email` from the HTML body or efficiently sanitize it. | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-31124 | openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key\'s sensitive field can thus expose the raw value of that field. Users are advised to upgrade to version 0.0.6, which no longer includes the raw field value in the error message. There are no known workarounds for this issue. | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-31121 | Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue. | MEDIUM | Jul 7, 2022 | n/a |
CVE-2022-31117 | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-31116 | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library\'s `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-31111 | Frontier is Substrate\'s Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value transferred. It is recommended that an emergency upgrade to be planned and EVM execution temporarily paused in the mean time. The issue is patched in Frontier master branch commit fed5e0a9577c10bea021721e8c2c5c378e16bf66 and polkadot-v0.9.22 branch commit e3e427fa2e5d1200a784679f8015d4774cedc934. This vulnerability affects only EVM internal states, but not Substrate balance states or node. You can temporarily pause EVM execution (by setting up a Substrate `CallFilter` that disables `pallet-evm` and `pallet-ethereum` calls before the patch can be applied. | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-30929 | Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper. | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-30852 | Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). | MEDIUM | Jul 8, 2022 | n/a |
CVE-2022-30619 | Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the parameter: EncodedData | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-30591 | quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently overflows the probe timer. NOTE: the vendor\'s position is that this behavior should not be listed as a vulnerability on the CVE List | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-30290 | In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-29892 | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-29484 | Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-29471 | Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-29467 | Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-28935 | Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability. | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-28889 | In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header. | MEDIUM | Jul 7, 2022 | n/a |
CVE-2022-28718 | Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-28713 | Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-28692 | Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-27910 | In Joomla component \'Joomlatools - DOCman 3.5.13 (and likely most versions below)\' are affected to an reflected Cross-Site Scripting (XSS) in an image upload function | MEDIUM | Jul 10, 2022 | n/a |
CVE-2022-27807 | Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-27803 | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-27661 | Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-27627 | Cross-site scripting vulnerability in Organization\'s Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user\'s web browser. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-26368 | Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-26054 | Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-26051 | Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal. | MEDIUM | Jul 5, 2022 | n/a |
CVE-2022-25047 | The password reset token in CWP v0.9.8.1126 is generated using known or predictable values. | MEDIUM | Jul 7, 2022 | n/a |
CVE-2022-24141 | The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient(). | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-24140 | IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file and will try to install the update automatically with ADMIN privileges. An attacker Intercepting this communication can supply the product a fake config file with malicious locations for the updates thus gaining a remote code execution on an endpoint. | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-23713 | A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser. | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-23173 | this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the Login menu - demo site then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the links, he will get an answer that he is not authorized because he needs to log in with credentials. after he performed log in to the system there are some functionalities that the specific user is not allowed to perform because he was configured with low privileges however all the attacker need to do in order to achieve his goals is to change the value of the prog step parameter from 0 to 1 or more and then the attacker could access to some of the functionality the web application that he couldn\'t perform it before the parameter changed. | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-23172 | An attacker can access to Forgot my password button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you can verify which users are in the system and which are not. | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-22681 | Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors. | MEDIUM | Jul 6, 2022 | n/a |
CVE-2022-22476 | IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. | MEDIUM | Jul 8, 2022 | n/a |
CVE-2022-22465 | IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. | MEDIUM | Jul 8, 2022 | n/a |
CVE-2022-22464 | IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. | MEDIUM | Jul 8, 2022 | n/a |
CVE-2022-22463 | IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. | MEDIUM | Jul 8, 2022 | n/a |