| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-31651 |
|
|
|
2022-05-25 |
2022-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. |
|
2 |
CVE-2022-31650 |
|
|
|
2022-05-25 |
2022-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. |
|
3 |
CVE-2022-31624 |
|
|
DoS |
2022-05-25 |
2022-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
|
4 |
CVE-2022-31623 |
|
|
DoS |
2022-05-25 |
2022-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
|
5 |
CVE-2022-31622 |
|
|
DoS |
2022-05-25 |
2022-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
|
6 |
CVE-2022-31621 |
|
|
DoS |
2022-05-25 |
2022-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
|
7 |
CVE-2022-31620 |
|
|
DoS |
2022-05-25 |
2022-05-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan. |
|
8 |
CVE-2022-31489 |
|
|
Sql |
2022-05-23 |
2022-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. |
|
9 |
CVE-2022-31488 |
|
|
Sql |
2022-05-23 |
2022-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. |
|
10 |
CVE-2022-31487 |
|
|
Sql |
2022-05-23 |
2022-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. |
|
11 |
CVE-2022-31467 |
|
|
|
2022-05-23 |
2022-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation. |
|
12 |
CVE-2022-31466 |
|
|
|
2022-05-23 |
2022-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a symlink that was created after a malware check. |
|
13 |
CVE-2022-31268 |
|
|
|
2022-05-21 |
2022-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). |
|
14 |
CVE-2022-31267 |
|
|
|
2022-05-21 |
2022-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value. |
|
15 |
CVE-2022-31264 |
|
|
Overflow |
2022-05-21 |
2022-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. |
|
16 |
CVE-2022-31263 |
|
|
Bypass |
2022-05-24 |
2022-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. |
|
17 |
CVE-2022-31261 |
|
|
|
2022-05-24 |
2022-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to. |
|
18 |
CVE-2022-31259 |
|
|
Bypass |
2022-05-21 |
2022-05-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1). |
|
19 |
CVE-2022-31258 |
|
|
|
2022-05-20 |
2022-05-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. |
|
20 |
CVE-2022-31245 |
|
|
|
2022-05-20 |
2022-05-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. |
|
21 |
CVE-2022-31215 |
|
|
Bypass |
2022-05-20 |
2022-05-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11. |
|
22 |
CVE-2022-30994 |
|
|
|
2022-05-18 |
2022-05-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 |
|
23 |
CVE-2022-30993 |
|
|
|
2022-05-18 |
2022-05-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 |
|
24 |
CVE-2022-30992 |
|
|
|
2022-05-18 |
2022-05-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 |
|
25 |
CVE-2022-30991 |
|
|
|
2022-05-18 |
2022-05-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 |
|
26 |
CVE-2022-30990 |
|
|
|
2022-05-18 |
2022-05-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 |
|
27 |
CVE-2022-30976 |
|
|
|
2022-05-18 |
2022-05-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box. |
|
28 |
CVE-2022-30975 |
|
|
|
2022-05-18 |
2022-05-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. |
|
29 |
CVE-2022-30974 |
|
|
|
2022-05-18 |
2022-05-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. |
|
30 |
CVE-2022-30957 |
|
|
|
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
|
31 |
CVE-2022-30956 |
|
|
XSS |
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. |
|
32 |
CVE-2022-30955 |
|
|
|
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
|
33 |
CVE-2022-30954 |
|
|
|
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. |
|
34 |
CVE-2022-30953 |
|
|
CSRF |
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. |
|
35 |
CVE-2022-30952 |
|
|
|
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. |
|
36 |
CVE-2022-30951 |
|
|
|
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in. |
|
37 |
CVE-2022-30950 |
|
|
Exec Code Overflow |
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine. |
|
38 |
CVE-2022-30949 |
|
|
+Info |
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. |
|
39 |
CVE-2022-30948 |
|
|
+Info |
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. |
|
40 |
CVE-2022-30947 |
|
|
+Info |
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. |
|
41 |
CVE-2022-30946 |
|
|
CSRF |
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. |
|
42 |
CVE-2022-30945 |
|
|
|
2022-05-17 |
2022-05-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. |
|
43 |
CVE-2022-30887 |
|
|
Exec Code |
2022-05-20 |
2022-05-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. |
|
44 |
CVE-2022-30886 |
|
|
Sql |
2022-05-20 |
2022-05-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. |
|
45 |
CVE-2022-30843 |
|
|
Sql |
2022-05-24 |
2022-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. |
|
46 |
CVE-2022-30842 |
|
|
XSS |
2022-05-24 |
2022-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. |
|
47 |
CVE-2022-30839 |
|
|
XSS |
2022-05-24 |
2022-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. |
|
48 |
CVE-2022-30838 |
|
|
Sql |
2022-05-24 |
2022-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status |
|
49 |
CVE-2022-30837 |
|
|
XSS |
2022-05-24 |
2022-05-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. |
|
50 |
CVE-2022-30689 |
|
|
|
2022-05-17 |
2022-05-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3. |
