The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2022-2059 | In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | -- | Jul 25, 2022 |
CVE-2022-2032 | In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | -- | Jul 25, 2022 |
CVE-2022-2031 | A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other\'s tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services. | -- | Jul 28, 2022 |
CVE-2022-1948 | An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details. | -- | Jul 28, 2022 |
CVE-2022-1919 | Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Jul 28, 2022 |
CVE-2022-1805 | When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client. | -- | Jul 28, 2022 |
CVE-2022-1799 | Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release. | -- | Jul 29, 2022 |
CVE-2022-1648 | Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege. | -- | Jul 26, 2022 |
CVE-2022-1615 | In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. | -- | Aug 1, 2022 |
CVE-2022-1551 | The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users\' sensitive files. | -- | Jul 29, 2022 |
CVE-2022-1539 | The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks. | -- | Jul 29, 2022 |
CVE-2022-1277 | Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | -- | Jul 29, 2022 |
CVE-2022-1232 | Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | -- | Jul 27, 2022 |
CVE-2022-1042 | In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. | -- | Jul 26, 2022 |
CVE-2022-1041 | In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning. | -- | Jul 26, 2022 |
CVE-2022-0899 | The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. | -- | Jul 29, 2022 |
CVE-2022-0594 | The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. | -- | Jul 29, 2022 |
CVE-2021-46830 | A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. | -- | Jul 28, 2022 |
CVE-2021-43959 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2. | -- | Jul 26, 2022 |
CVE-2021-42537 | VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. | -- | Jul 28, 2022 |
CVE-2021-42535 | VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. | -- | Jul 28, 2022 |
CVE-2021-41556 | sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine. | -- | Jul 29, 2022 |
CVE-2021-40336 | A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could lead an attacker to channel down harmful code into the user’s web browser, such as to steal the session cookies. Thus, an attacker who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., the link is sent per E-Mail, could trick the user into downloading malicious software onto his computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions. | -- | Jul 25, 2022 |
CVE-2021-40335 | A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions. | -- | Jul 25, 2022 |
CVE-2021-40180 | In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user\'s address book via wx.searchContacts. | -- | Jul 27, 2022 |
CVE-2021-39088 | IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combined with other unknown vulnerabilities then privilege escalation could be performed. IBM X-Force ID: 216111. | -- | Jul 29, 2022 |
CVE-2021-38417 | VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing. | -- | Jul 28, 2022 |
CVE-2021-38410 | AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path. | -- | Jul 28, 2022 |
CVE-2021-33468 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
CVE-2021-33467 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
CVE-2021-33466 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
CVE-2021-33465 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
CVE-2021-33464 | An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
CVE-2021-33463 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c. | -- | Jul 28, 2022 |
CVE-2021-33462 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c. | -- | Jul 28, 2022 |
CVE-2021-33461 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c. | -- | Jul 28, 2022 |
CVE-2021-33460 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
CVE-2021-33459 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c. | -- | Jul 28, 2022 |
CVE-2021-33458 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
CVE-2021-33457 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
CVE-2021-33456 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 29, 2022 |
CVE-2021-33455 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 29, 2022 |
CVE-2021-33454 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. | -- | Jul 29, 2022 |
CVE-2021-33453 | An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538. | -- | Jul 26, 2022 |
CVE-2021-33452 | An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c. | -- | Jul 26, 2022 |
CVE-2021-33451 | An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c. | -- | Jul 26, 2022 |
CVE-2021-33450 | An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c. | -- | Jul 26, 2022 |
CVE-2021-33449 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c. | -- | Jul 28, 2022 |
CVE-2021-33448 | An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390. | -- | Jul 28, 2022 |
CVE-2021-33447 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c. | -- | Jul 28, 2022 |