| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 101 | CVE-2022-32089 | | | | 2022-07-01 | 2022-07-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. |
| 102 | CVE-2022-32088 | | | | 2022-07-01 | 2022-07-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. |
| 103 | CVE-2022-32087 | | | | 2022-07-01 | 2022-07-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. |
| 104 | CVE-2022-32086 | | | | 2022-07-01 | 2022-07-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. |
| 105 | CVE-2022-32085 | | | | 2022-07-01 | 2022-07-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. |
| 106 | CVE-2022-32084 | | | | 2022-07-01 | 2022-07-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. |
| 107 | CVE-2022-32083 | | | | 2022-07-01 | 2022-07-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. |
| 108 | CVE-2022-32082 | 617 | | | 2022-07-01 | 2022-07-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. |
| 109 | CVE-2022-32055 | 89 | | Sql | 2022-07-07 | 2022-07-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals. |
| 110 | CVE-2022-32053 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. |
| 111 | CVE-2022-32052 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. |
| 112 | CVE-2022-32051 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. |
| 113 | CVE-2022-32050 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. |
| 114 | CVE-2022-32049 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. |
| 115 | CVE-2022-32048 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. |
| 116 | CVE-2022-32047 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. |
| 117 | CVE-2022-32046 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. |
| 118 | CVE-2022-32045 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. |
| 119 | CVE-2022-32044 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. |
| 120 | CVE-2022-32043 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. |
| 121 | CVE-2022-32041 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. |
| 122 | CVE-2022-32040 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. |
| 123 | CVE-2022-32039 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. |
| 124 | CVE-2022-32037 | 770 | | Overflow | 2022-07-01 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. |
| 125 | CVE-2022-31973 | | | | 2022-06-02 | 2022-06-10 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img. |
| 126 | CVE-2022-31966 | | | | 2022-06-02 | 2022-06-10 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simple_chat_bot/classes/Master.php?f=delete_img. |
| 127 | CVE-2022-31887 | 522 | | | 2022-06-28 | 2022-07-08 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization; this means that the user can also achieve Privilege Escalation by changing the administrator password. |
| 128 | CVE-2022-31876 | 863 | | | 2022-06-17 | 2022-06-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Netgear WNAP320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies. |
| 129 | CVE-2022-31847 | 668 | | +Info | 2022-06-14 | 2022-06-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. |
| 130 | CVE-2022-31846 | 668 | | +Info | 2022-06-14 | 2022-06-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. |
| 131 | CVE-2022-31845 | 668 | | +Info | 2022-06-14 | 2022-06-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. |
| 132 | CVE-2022-31804 | 789 | | | 2022-06-24 | 2022-07-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The CODESYS Gateway Server V2 does not verify that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition. |
| 133 | CVE-2022-31803 | 400 | | | 2022-06-24 | 2022-07-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. |
| 134 | CVE-2022-31769 | 200 | | +Info | 2022-06-10 | 2022-06-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219. |
| 135 | CVE-2022-31761 | | | | 2022-06-13 | 2022-06-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. |
| 136 | CVE-2022-31757 | | | | 2022-06-13 | 2022-06-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
| 137 | CVE-2022-31754 | | | | 2022-06-13 | 2022-06-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features. |
| 138 | CVE-2022-31753 | 134 | | | 2022-06-13 | 2022-06-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. |
| 139 | CVE-2022-31651 | 617 | | | 2022-05-25 | 2022-06-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. |
| 140 | CVE-2022-31649 | 668 | | | 2022-06-09 | 2022-06-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. |
| 141 | CVE-2022-31597 | 862 | | | 2022-07-12 | 2022-07-19 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. |
| 142 | CVE-2022-31578 | 22 | | Dir. Trav. | 2022-07-11 | 2022-07-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| 143 | CVE-2022-31566 | 22 | | Dir. Trav. | 2022-07-11 | 2022-07-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| 144 | CVE-2022-31489 | 89 | | Sql | 2022-05-23 | 2022-05-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. |
| 145 | CVE-2022-31488 | 89 | | Sql | 2022-05-23 | 2022-05-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. |
| 146 | CVE-2022-31487 | 89 | | Sql | 2022-05-23 | 2022-05-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. |
| 147 | CVE-2022-31485 | 425 | | | 2022-06-06 | 2022-06-17 | 5.0 | None | Remote | Low | Not required | None | Partial | None | An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. |
| 148 | CVE-2022-31484 | 425 | | | 2022-06-06 | 2022-06-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially require them to use the default user dip switch procedure to gain access back. |
| 149 | CVE-2022-31480 | 425 | | | 2022-06-06 | 2022-06-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary; loading the firmware to the device ultimately triggers a reboot. |
| 150 | CVE-2022-31462 | 798 | | | 2022-06-02 | 2022-07-08 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial | Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. |