CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2022-08-10
Critical

CVE-2022-35537

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.

Critical

CVE-2022-35536

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.

Critical

CVE-2022-35535

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.

Critical

CVE-2022-35534

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.

Critical

CVE-2022-35533

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml.

Critical

CVE-2022-35526

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml.

Critical

CVE-2022-35525

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.

Critical

CVE-2022-35524

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which lead…

Critical

CVE-2022-35523

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.

Critical

CVE-2022-35522

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /w…

Critical

CVE-2022-35521

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, whic…

Critical

CVE-2022-35520

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in the POST body, but exists in the cgi binary. This lead…

Critical

CVE-2022-35519

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.

Critical

CVE-2022-35518

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.

High

CVE-2022-35517

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd…

High

CVE-2022-32189

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

Medium

CVE-2022-32148

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for t…

High

CVE-2022-31675

VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.

High

CVE-2022-31673

VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Suc…

High

CVE-2022-31672

VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.

Medium

CVE-2022-28881

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine…

Medium

CVE-2022-23238

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could a…

Critical

CVE-2022-20361

In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege wi…

High

CVE-2022-20354

In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileg…

High

CVE-2022-20347

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no a…

High

CVE-2021-40040

Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.

High

CVE-2021-40034

The video framework has a memory overwriting vulnerability caused by an addition overflow. Successful exploitation of this vulnerability may affect availability.

High

CVE-2021-40030

The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality.

High

CVE-2021-39696

In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i…

High

CVE-2022-22369

IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. IBM X-Force ID: 221187.

2022-08-09
High

CVE-2022-35827

Visual Studio Remote Code Execution Vulnerability

High

CVE-2022-35826

Visual Studio Remote Code Execution Vulnerability

High

CVE-2022-35825

Visual Studio Remote Code Execution Vulnerability

High

CVE-2022-35824

Azure Site Recovery Remote Code Execution Vulnerability

Medium

CVE-2022-35821

Azure Sphere Information Disclosure Vulnerability

High

CVE-2022-35820

Windows Bluetooth Driver Elevation of Privilege Vulnerability

Medium

CVE-2022-35819

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35818

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35817

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35816

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35815

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35814

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35813

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35812

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35811

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35810

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35809

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35808

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35807

Azure Site Recovery Elevation of Privilege Vulnerability

High

CVE-2022-35806

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

High

CVE-2022-35804

SMB Client and Server Remote Code Execution Vulnerability

High

CVE-2022-35802

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35801

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35800

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35799

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35797

Windows Hello Security Feature Bypass Vulnerability

High

CVE-2022-35795

Windows Error Reporting Service Elevation of Privilege Vulnerability

High

CVE-2022-35794

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

High

CVE-2022-35793

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2022-35792

Storage Spaces Direct Elevation of Privilege Vulnerability

Medium

CVE-2022-35791

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35790

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35789

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35788

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35787

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35786

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35785

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35784

Azure Site Recovery Elevation of Privilege Vulnerability

Medium

CVE-2022-35783

Azure Site Recovery Elevation of Privilege Vulnerability

High

CVE-2022-35760

Microsoft ATA Port Driver Elevation of Privilege Vulnerability

High

CVE-2022-34717

Microsoft Office Remote Code Execution Vulnerability

High

CVE-2022-34713

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

High

CVE-2022-34690

Windows Fax Service Elevation of Privilege Vulnerability

High

CVE-2022-34687

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Medium

CVE-2022-34686

Azure RTOS GUIX Studio Information Disclosure Vulnerability

Medium

CVE-2022-34685

Azure RTOS GUIX Studio Information Disclosure Vulnerability

High

CVE-2022-33670

Windows Partition Management Driver Elevation of Privilege Vulnerability

Critical

CVE-2022-33649

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

High

CVE-2022-33648

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2022-30144

Windows Bluetooth Service Remote Code Execution Vulnerability

Medium

CVE-2022-30134

Microsoft Exchange Server Information Disclosure Vulnerability

Critical

CVE-2022-30133

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

High

CVE-2022-24516

Microsoft Exchange Server Elevation of Privilege Vulnerability

High

CVE-2022-24477

Microsoft Exchange Server Elevation of Privilege Vulnerability

High

CVE-2022-21980

Microsoft Exchange Server Elevation of Privilege Vulnerability

Medium

CVE-2022-21979

Microsoft Exchange Server Information Disclosure Vulnerability

Medium

CVE-2022-30574

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community E…

Medium

CVE-2022-30573

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily ex…

2022-08-08
High

CVE-2022-34293

wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.

Critical

CVE-2022-36267

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafti…

High

CVE-2022-36265

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not lis…

Medium

CVE-2022-35489

In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned.

High

CVE-2022-35488

In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many gener…

Critical

CVE-2022-2460

The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthe…

2022-08-05
Medium

CVE-2022-37450

Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-c…

High

CVE-2022-2668

An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.

Medium

CVE-2022-28880

A Denial-of-Service vulnerability was discovered in F-Secure Atlant and in certain WithSecure products: scanning fuzzed PE32-bit files can crash the scanning engine. The…

High

CVE-2022-27535

Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated atta…

High

CVE-2022-31664

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

High

CVE-2022-31661

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.

High

CVE-2022-31660

VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.

Critical

CVE-2022-31656

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may…

Medium

CVE-2022-2539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by co…

Low

CVE-2022-2534

An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitL…

Medium

CVE-2022-2512

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Mem…

High

CVE-2022-2497

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A m…

Medium

CVE-2022-2456

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for…

Medium

CVE-2022-25649

Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress.

Medium

CVE-2022-37416

Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8.

Critical

CVE-2022-21186

The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input.

2022-08-03
High

CVE-2022-35158

A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script.

Critical

CVE-2022-35620

D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.

Critical

CVE-2022-35619

D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.

Medium

CVE-2022-23442

An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user pro…

Low

CVE-2022-37394

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and…

2022-08-02
Medium

CVE-2022-33917

An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.

2022-08-01
High

CVE-2022-34567

An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins.

Medium

CVE-2022-21788

In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede…

High

CVE-2022-30616

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978.

High

CVE-2022-22505

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288.
