Search Results
- CVSS Version: 3
Vuln ID | Summary | Published | CVSS Severity |
---|---|---|---|
CVE-2022-27619 | Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | August 02, 2022; 11:15:08 PM -0400 | V3.1: 5.9 MEDIUM (V4.0 and V2.0 not available) |
CVE-2022-27618 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. | August 02, 2022; 11:15:08 PM -0400 | V3.1: 6.5 MEDIUM (V4.0 and V2.0 not available) |
CVE-2022-27617 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. | August 02, 2022; 11:15:08 PM -0400 | V3.1: 4.3 MEDIUM (V4.0 and V2.0 not available) |
CVE-2022-34969 | PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. | August 02, 2022; 10:15:07 PM -0400 | V3.1: 7.5 HIGH (V4.0 and V2.0 not available) |
CVE-2022-34968 | An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. | August 02, 2022; 10:15:07 PM -0400 | V3.1: 7.5 HIGH (V4.0 and V2.0 not available) |
CVE-2022-34967 | The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13. | August 02, 2022; 10:15:07 PM -0400 | V3.1: 7.5 HIGH (V4.0 and V2.0 not available) |
CVE-2022-27616 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | August 02, 2022; 10:15:07 PM -0400 | V3.1: 7.2 HIGH (V4.0 and V2.0 not available) |
CVE-2022-36197 | BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. | August 02, 2022; 9:15:07 PM -0400 | V3.1: 5.4 MEDIUM (V4.0 and V2.0 not available) |
CVE-2022-34937 | Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. | August 02, 2022; 9:15:07 PM -0400 | V3.1: 8.8 HIGH (V4.0 and V2.0 not available) |
CVE-2022-34928 | JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. | August 02, 2022; 9:15:07 PM -0400 | V3.1: 8.8 HIGH (V4.0 and V2.0 not available) |
CVE-2022-34927 | MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file. | August 02, 2022; 9:15:07 PM -0400 | V3.1: 7.8 HIGH (V4.0 and V2.0 not available) |
CVE-2022-37035 | An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. | August 02, 2022; 7:15:18 PM -0400 | V3.1: 8.1 HIGH (V4.0 and V2.0 not available) |
CVE-2022-33917 | An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory. | August 02, 2022; 7:15:18 PM -0400 | V3.1: 5.5 MEDIUM (V4.0 and V2.0 not available) |
CVE-2022-36968 | In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. | August 02, 2022; 6:15:08 PM -0400 | V3.1: 4.3 MEDIUM (V4.0 and V2.0 not available) |
CVE-2022-36967 | In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to execute code within the context of the victim's browser. | August 02, 2022; 6:15:08 PM -0400 | V3.1: 6.1 MEDIUM (V4.0 and V2.0 not available) |
CVE-2022-34619 | A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field. | August 02, 2022; 6:15:08 PM -0400 | V3.1: 5.4 MEDIUM (V4.0 and V2.0 not available) |
CVE-2022-30285 | In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. | August 02, 2022; 6:15:08 PM -0400 | V3.1: 9.8 CRITICAL (V4.0 and V2.0 not available) |
CVE-2022-29808 | In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. | August 02, 2022; 6:15:08 PM -0400 | V3.1: 7.5 HIGH (V4.0 and V2.0 not available) |
CVE-2022-29807 | A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. | August 02, 2022; 6:15:08 PM -0400 | V3.1: 9.8 CRITICAL (V4.0 and V2.0 not available) |
CVE-2022-35925 | BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views, which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually. | August 02, 2022; 5:15:08 PM -0400 | V3.1: 9.8 CRITICAL (V4.0 and V2.0 not available) |