CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-38368 287 2022-08-15 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.
2 CVE-2022-38362 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
3 CVE-2022-38359 CSRF 2022-08-15 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link.
4 CVE-2022-38358 XSS 2022-08-15 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /module/admin_user/add_modify_user.php via the parameters user_name and user_email.
5 CVE-2022-38357 74 2022-08-15 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php.
6 CVE-2022-38238 Overflow 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc.
7 CVE-2022-38237 Overflow 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc.
8 CVE-2022-38236 Overflow 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
9 CVE-2022-38235 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.
10 CVE-2022-38234 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
11 CVE-2022-38233 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.
12 CVE-2022-38231 Overflow 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc.
13 CVE-2022-38230 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc.
14 CVE-2022-38229 Overflow 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.
15 CVE-2022-38228 Overflow 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.
16 CVE-2022-38227 Overflow 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp.
17 CVE-2022-38223 787 DoS 2022-08-15 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
18 CVE-2022-38221 Exec Code Overflow 2022-08-15 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible RCON port, or possibly execute arbitrary code.
19 CVE-2022-38216 Overflow 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out of bounds writes, potentially crashing the Mapbox process.
20 CVE-2022-38194 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.
21 CVE-2022-38193 Exec Code 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution in a victim's browser.
22 CVE-2022-38192 Exec Code XSS 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
23 CVE-2022-38191 74 2022-08-15 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.
24 CVE-2022-38190 79 Exec Code XSS 2022-08-15 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
25 CVE-2022-38189 Exec Code XSS 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
26 CVE-2022-38188 79 Exec Code XSS 2022-08-15 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
27 CVE-2022-38187 2022-08-15 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs.
28 CVE-2022-38186 79 Exec Code XSS 2022-08-15 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
29 CVE-2022-38184 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
30 CVE-2022-38183 732 2022-08-12 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles.
31 CVE-2022-38180 287 2022-08-12 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases.
32 CVE-2022-38179 697 2022-08-12 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack.
33 CVE-2022-38161 2022-08-11 2022-08-11
0.0
None ??? ??? ??? ??? ??? ???
The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.
34 CVE-2022-38155 770 2022-08-11 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.
35 CVE-2022-38150 2022-08-11 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.
36 CVE-2022-38133 532 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases.
37 CVE-2022-38130 89 Sql 2022-08-10 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify a UNC path for the database file (i.e., \\<attacker-host>\sms\<attacker-db.zip>), effectively controlling the content of the database to be restored.
38 CVE-2022-38129 22 Dir. Trav. 2022-08-10 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.
39 CVE-2022-37781 Overflow 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /sanitizer_common/sanitizer_common_interceptors.inc.
40 CVE-2022-37452 787 Overflow 2022-08-07 2022-08-11
0.0
None ??? ??? ??? ??? ??? ???
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
41 CVE-2022-37451 763 2022-08-06 2022-08-11
0.0
None ??? ??? ??? ??? ??? ???
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
42 CVE-2022-37450 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.
43 CVE-2022-37439 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.
44 CVE-2022-37438 +Info 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
45 CVE-2022-37437 2022-08-16 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions.
46 CVE-2022-37434 787 Overflow 2022-08-05 2022-08-11
0.0
None ??? ??? ??? ??? ??? ???
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
47 CVE-2022-37431 79 XSS 2022-08-05 2022-08-08
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. NOTE: the vendor disputes this because the current product behavior, in effect, has XSS_PROTECTION_ENABLED=true in all configurations.
48 CVE-2022-37423 22 Dir. Trav. 2022-08-12 2022-08-16
0.0
None ??? ??? ??? ??? ??? ???
Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.
49 CVE-2022-37416 2022-08-05 2022-08-11
0.0
None ??? ??? ??? ??? ??? ???
Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8.
50 CVE-2022-37415 770 Overflow 2022-08-05 2022-08-11
0.0
None ??? ??? ??? ??? ??? ???
The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008.
Total number of vulnerabilities: 2675. Page: 1 (this page) of 54.