| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1651 | CVE-2022-2105 | 841 | | Bypass | 2022-06-24 | 2022-06-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters. |
| 1652 | CVE-2022-2106 | 23 | | | 2022-06-27 | 2022-06-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. |
| 1653 | CVE-2022-2140 | 79 | | XSS | 2022-06-27 | 2022-06-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. |
| 1654 | CVE-2022-2145 | | | | 2022-06-28 | 2022-06-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. |
| 1655 | CVE-2022-2185 | | | Exec Code | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature. |
| 1656 | CVE-2022-2197 | 287 | | | 2022-06-30 | 2022-06-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations. |
| 1657 | CVE-2022-2206 | 125 | | | 2022-06-26 | 2022-07-04 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
| 1658 | CVE-2022-2207 | 122 | | Overflow | 2022-06-27 | 2022-07-04 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| 1659 | CVE-2022-2208 | 476 | | | 2022-06-27 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. |
| 1660 | CVE-2022-2210 | 787 | | | 2022-06-27 | 2022-07-04 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
| 1661 | CVE-2022-2212 | | | | 2022-06-27 | 2022-06-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| 1662 | CVE-2022-2213 | | | XSS | 2022-06-27 | 2022-06-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| 1663 | CVE-2022-2214 | | | Sql | 2022-06-27 | 2022-06-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
| 1664 | CVE-2022-2216 | 918 | | | 2022-06-27 | 2022-06-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. |
| 1665 | CVE-2022-2217 | 79 | | XSS | 2022-06-27 | 2022-06-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. |
| 1666 | CVE-2022-2218 | 79 | | XSS | 2022-06-27 | 2022-06-27 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. |
| 1667 | CVE-2022-2221 | | | | 2022-06-27 | 2022-06-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. |
| 1668 | CVE-2022-2227 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions. |
| 1669 | CVE-2022-2228 | | | +Info | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range. |
| 1670 | CVE-2022-2229 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of. |
| 1671 | CVE-2022-2230 | | | Exec Code XSS | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf. |
| 1672 | CVE-2022-2231 | 476 | | | 2022-06-28 | 2022-07-04 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. |
| 1673 | CVE-2022-2235 | | | XSS | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link. |
| 1674 | CVE-2022-2243 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects. |
| 1675 | CVE-2022-2244 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with the reporter role to manage issues in the project's error tracking feature. |
| 1676 | CVE-2022-2246 | 1321 | | | 2022-06-28 | 2022-06-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Prototype Pollution in GitHub repository clever/underscore.deep prior to 0.5.3. |
| 1677 | CVE-2022-2250 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. |
| 1678 | CVE-2022-2252 | 601 | | | 2022-06-29 | 2022-06-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. |
| 1679 | CVE-2022-2253 | 78 | | Exec Code | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. |
| 1680 | CVE-2022-2254 | 79 | | XSS | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. |
| 1681 | CVE-2022-2257 | 125 | | | 2022-06-30 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
| 1682 | CVE-2022-2264 | 122 | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
| 1683 | CVE-2022-2268 | 94 | | | 2022-07-04 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE. |
| 1684 | CVE-2022-2270 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan package names due to incorrect permissions verification. |
| 1685 | CVE-2022-2274 | | | Exec Code Mem. Corr. | 2022-07-01 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. |
| 1686 | CVE-2022-2279 | 476 | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. |
| 1687 | CVE-2022-2280 | 79 | | XSS | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. |
| 1688 | CVE-2022-2281 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases. |
| 1689 | CVE-2022-2282 | 285 | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Improper Authorization in GitHub repository saltstack/salt prior to 3004.2. |
| 1690 | CVE-2022-2284 | 122 | | Overflow | 2022-07-02 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
| 1691 | CVE-2022-2285 | 190 | | Overflow | 2022-07-02 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. |
| 1692 | CVE-2022-2286 | 125 | | | 2022-07-02 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
| 1693 | CVE-2022-2287 | 125 | | | 2022-07-02 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
| 1694 | CVE-2022-2288 | 787 | | | 2022-07-03 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. |
| 1695 | CVE-2022-2289 | 416 | | | 2022-07-03 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Use After Free in GitHub repository vim/vim prior to 9.0. |
| 1696 | CVE-2022-2290 | | | XSS | 2022-07-03 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta. |
| 1697 | CVE-2022-2300 | 79 | | XSS | 2022-07-04 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. |
| 1698 | CVE-2022-2301 | | | | 2022-07-04 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. |
| 1699 | CVE-2022-2304 | 121 | | Overflow | 2022-07-05 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
| 1700 | CVE-2022-2306 | 613 | | | 2022-07-05 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Old session tokens can be used to authenticate to the application and send authenticated requests. |