The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2022-33659 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33658 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33657 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33656 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33655 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33654 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33653 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33652 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33651 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33650 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33644 | Xbox Live Save Service Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33643 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33642 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33641 | Azure Site Recovery Elevation of Privilege Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33637 | Microsoft Defender for Endpoint Tampering Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33633 | Skype for Business and Lync Remote Code Execution Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33632 | Microsoft Office Security Feature Bypass Vulnerability | MEDIUM | Jul 13, 2022 |
CVE-2022-33173 | An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead. | MEDIUM | Jul 12, 2022 |
CVE-2022-33157 | The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. | MEDIUM | Jul 13, 2022 |
CVE-2022-33156 | The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. | MEDIUM | Jul 13, 2022 |
CVE-2022-33138 | A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device. | MEDIUM | Jul 15, 2022 |
CVE-2022-33137 | A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions. | MEDIUM | Jul 15, 2022 |
CVE-2022-32434 | EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d. | MEDIUM | Jul 16, 2022 |
CVE-2022-32416 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product. | MEDIUM | Jul 15, 2022 |
CVE-2022-32415 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=. | MEDIUM | Jul 15, 2022 |
CVE-2022-32406 | GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file. | MEDIUM | Jul 15, 2022 |
CVE-2022-32317 | The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. The device=strdup statement is not executed on every call. Note: This has been disputed by third parties as invalid and not reproducible. | MEDIUM | Jul 15, 2022 |
CVE-2022-32298 | Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service (DoS) via unspecified vectors. | MEDIUM | Jul 15, 2022 |
CVE-2022-32297 | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via the Search function. | MEDIUM | Jul 15, 2022 |
CVE-2022-32249 | Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data volume to gain access to highly sensitive information (e.g., high privileged account credentials) | MEDIUM | Jul 13, 2022 |
CVE-2022-32248 | Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data. | MEDIUM | Jul 13, 2022 |
CVE-2022-32247 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | MEDIUM | Jul 13, 2022 |
CVE-2022-32246 | SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application | MEDIUM | Jul 13, 2022 |
CVE-2022-32114 | An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library Create (upload) permission is supposed to be able to upload PDF files containing JavaScript, and that all files in a public assets folder are accessible to the outside world (unless the filename begins with a dot character). The administrator can choose to allow only image, video, and audio files (i.e., not PDF) if desired. | MEDIUM | Jul 14, 2022 |
CVE-2022-32096 | Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token. | MEDIUM | Jul 13, 2022 |
CVE-2022-31904 | EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php. | MEDIUM | Jul 12, 2022 |
CVE-2022-31598 | Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | MEDIUM | Jul 16, 2022 |
CVE-2022-31597 | Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. | MEDIUM | Jul 13, 2022 |
CVE-2022-31593 | SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | MEDIUM | Jul 16, 2022 |
CVE-2022-31592 | The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616, 617, 618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. | MEDIUM | Jul 16, 2022 |
CVE-2022-31591 | SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service | MEDIUM | Jul 16, 2022 |
CVE-2022-31588 | The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | MEDIUM | Jul 15, 2022 |
CVE-2022-31587 | The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | MEDIUM | Jul 15, 2022 |
CVE-2022-31586 | The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | MEDIUM | Jul 15, 2022 |
CVE-2022-31585 | The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | MEDIUM | Jul 15, 2022 |
CVE-2022-31584 | The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | MEDIUM | Jul 15, 2022 |
CVE-2022-31583 | The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | MEDIUM | Jul 15, 2022 |
CVE-2022-31582 | The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | MEDIUM | Jul 15, 2022 |
CVE-2022-31581 | The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | MEDIUM | Jul 15, 2022 |
CVE-2022-31580 | The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | MEDIUM | Jul 15, 2022 |