| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1851 | CVE-2022-31770 | | | DoS | 2022-07-05 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. |
| 1852 | CVE-2022-31805 | 523 | | | 2022-06-24 | 2022-06-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | In the CODESYS Development System, multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. |
| 1853 | CVE-2022-31806 | 1188 | | | 2022-06-24 | 2022-06-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57, password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller. |
| 1854 | CVE-2022-31836 | | | | 2022-07-05 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values, which can lead to cross-directory risk. |
| 1855 | CVE-2022-31856 | | | Sql | 2022-07-05 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. |
| 1856 | CVE-2022-31883 | | | | 2022-06-28 | 2022-06-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low-privilege user is able to see other users' API keys, including the Admin's API keys. |
| 1857 | CVE-2022-31884 | | | | 2022-06-28 | 2022-06-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low-privilege user to delete other users' API keys, including those of high-privilege and Administrator users. |
| 1858 | CVE-2022-31885 | | | | 2022-06-28 | 2022-06-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. |
| 1859 | CVE-2022-31886 | | | CSRF | 2022-06-28 | 2022-06-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable 2FA by sending the user a malicious form. |
| 1860 | CVE-2022-31887 | | | | 2022-06-28 | 2022-06-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization; this means that the user can also achieve Privilege Escalation by changing the administrator password. |
| 1861 | CVE-2022-31897 | | | XSS | 2022-06-29 | 2022-06-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. |
| 1862 | CVE-2022-31943 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. |
| 1863 | CVE-2022-32030 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. |
| 1864 | CVE-2022-32031 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. |
| 1865 | CVE-2022-32032 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. |
| 1866 | CVE-2022-32033 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. |
| 1867 | CVE-2022-32034 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. |
| 1868 | CVE-2022-32035 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. |
| 1869 | CVE-2022-32036 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. |
| 1870 | CVE-2022-32037 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. |
| 1871 | CVE-2022-32039 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. |
| 1872 | CVE-2022-32040 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. |
| 1873 | CVE-2022-32041 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. |
| 1874 | CVE-2022-32043 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. |
| 1875 | CVE-2022-32044 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. |
| 1876 | CVE-2022-32045 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. |
| 1877 | CVE-2022-32046 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. |
| 1878 | CVE-2022-32047 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. |
| 1879 | CVE-2022-32048 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. |
| 1880 | CVE-2022-32049 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. |
| 1881 | CVE-2022-32050 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. |
| 1882 | CVE-2022-32051 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, and eTime parameters in the function FUN_004133c4. |
| 1883 | CVE-2022-32052 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. |
| 1884 | CVE-2022-32053 | | | Overflow | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. |
| 1885 | CVE-2022-32081 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. |
| 1886 | CVE-2022-32082 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. |
| 1887 | CVE-2022-32083 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. |
| 1888 | CVE-2022-32084 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. |
| 1889 | CVE-2022-32085 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. |
| 1890 | CVE-2022-32086 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. |
| 1891 | CVE-2022-32087 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. |
| 1892 | CVE-2022-32088 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. |
| 1893 | CVE-2022-32089 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. |
| 1894 | CVE-2022-32091 | | | | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. |
| 1895 | CVE-2022-32092 | | | | 2022-06-27 | 2022-06-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. |
| 1896 | CVE-2022-32093 | | | Sql | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. |
| 1897 | CVE-2022-32094 | | | Sql | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. |
| 1898 | CVE-2022-32095 | | | Sql | 2022-07-01 | 2022-07-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. |
| 1899 | CVE-2022-32209 | | | XSS | 2022-06-24 | 2022-06-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer (the full advisory text follows the table). |
| 1900 | CVE-2022-32284 | | | | 2022-07-04 | 2022-07-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | A use of insufficiently random values vulnerability exists in the Vnet/IP communication module VI461 of the YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. |

# CVE-2022-32209: Possible XSS Vulnerability in Rails::Html::Sanitizer

There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209.

Versions Affected: ALL
Not affected: NONE
Fixed Versions: v1.4.3

## Impact

A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.

Code is only impacted if allowed tags are being overridden. This may be done via application configuration:

```ruby
# In config/application.rb
config.action_view.sanitized_allowed_tags = ["select", "style"]
```

See https://guides.rubyonrails.org/configuring.html#configuring-action-view

Or it may be done with a `:tags` option to the Action View helper `sanitize`:

```erb
<%= sanitize @comment.body, tags: ["select", "style"] %>
```

See https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

Or it may be done with Rails::Html::SafeListSanitizer directly:

```ruby
# class-level option
Rails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]
```

or

```ruby
# instance-level option
Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])
```

All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.

## Releases

The FIXED releases are available at the normal locations.

## Workarounds

Remove either `select` or `style` from the overridden allowed tags.

## Credits

This vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).