The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2022-1740 - The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to di...
    Published: June 24, 2022; 11:15:09 AM -0400

    V3.1: 4.6 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2022-1741 - The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code.
    Published: June 24, 2022; 11:15:09 AM -0400

    V3.1: 6.8 MEDIUM
    V2.0: 7.2 HIGH

  • CVE-2022-1742 - The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a devi...
    Published: June 24, 2022; 11:15:09 AM -0400

    V3.1: 6.8 MEDIUM
    V2.0: 7.2 HIGH

  • CVE-2022-1743 - The tested version of Dominion Voting Systems ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X dev...
    Published: June 24, 2022; 11:15:09 AM -0400

    V3.1: 6.8 MEDIUM
    V2.0: 7.2 HIGH

  • CVE-2022-1744 - Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or insta...
    Published: June 24, 2022; 11:15:09 AM -0400

    V3.1: 6.8 MEDIUM
    V2.0: 7.2 HIGH

  • CVE-2022-1745 - The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malici...
    Published: June 24, 2022; 11:15:09 AM -0400

    V3.1: 6.8 MEDIUM
    V2.0: 7.2 HIGH

  • CVE-2022-1746 - The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerabi...
    Published: June 24, 2022; 11:15:10 AM -0400

    V3.1: 7.6 HIGH
    V2.0: 7.2 HIGH

  • CVE-2022-27238 - BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject a JavaScript payload in his/her username. The payload gets executed in the browser of the vict...
    Published: June 24, 2022; 12:15:09 PM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2022-29330 - Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemail files via unspecified vectors.
    Published: June 24, 2022; 12:15:09 PM -0400

    V3.1: 4.9 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2022-31767 - IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980.
    Published: June 24, 2022; 12:15:09 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 10.0 HIGH

  • CVE-2022-33953 - IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198.
    Published: June 24, 2022; 12:15:10 PM -0400

    V3.1: 4.6 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2022-32998 - The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as we...
    Published: June 24, 2022; 5:15:08 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-32997 - The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as esc...
    Published: June 24, 2022; 5:15:08 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-32996 - The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escal...
    Published: June 24, 2022; 5:15:07 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-21742 - Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.
    Published: June 20, 2022; 2:15:08 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 3.3 LOW

  • CVE-2021-3675 - Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint D...
    Published: June 16, 2022; 1:15:07 PM -0400

    V3.1: 7.1 HIGH
    V2.0: 3.6 LOW

  • CVE-2022-1642 - A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserial...
    Published: June 16, 2022; 1:15:07 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2022-31070 - NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies (e.g. session cookies) from being forwarded to backend services configured by the applicati...
    Published: June 15, 2022; 3:15:11 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2022-31069 - NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should be forwarded for specific backend services configured by the appli...
    Published: June 15, 2022; 3:15:11 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2020-21046 - A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows an authenticated non-administrative user to escalate their privileg...
    Published: June 24, 2022; 12:15:08 PM -0400

    V3.1: 7.8 HIGH
    V2.0: 7.2 HIGH