| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-39047 |
120 |
|
Overflow |
2022-08-31 |
2022-09-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL. |
|
2 |
CVE-2022-39046 |
532 |
|
|
2022-08-31 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. |
|
3 |
CVE-2022-39028 |
476 |
|
|
2022-08-30 |
2022-11-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. |
|
4 |
CVE-2022-38812 |
89 |
|
Sql |
2022-08-31 |
2022-09-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. |
|
5 |
CVE-2022-38794 |
22 |
|
Dir. Trav. |
2022-08-27 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. |
|
6 |
CVE-2022-38792 |
|
|
Exec Code |
2022-08-27 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. |
|
7 |
CVE-2022-38791 |
|
|
|
2022-08-27 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. |
|
8 |
CVE-2022-38784 |
190 |
|
Exec Code Overflow |
2022-08-30 |
2022-10-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. |
|
9 |
CVE-2022-38772 |
|
|
Exec Code |
2022-08-29 |
2022-09-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature. |
|
10 |
CVE-2022-38668 |
200 |
|
+Info |
2022-08-22 |
2022-10-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. |
|
11 |
CVE-2022-38667 |
416 |
|
Exec Code |
2022-08-22 |
2022-10-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request. |
|
12 |
CVE-2022-38665 |
256 |
|
|
2022-08-23 |
2022-08-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. |
|
13 |
CVE-2022-38664 |
79 |
|
XSS |
2022-08-23 |
2022-08-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names. |
|
14 |
CVE-2022-38663 |
522 |
|
|
2022-08-23 |
2022-08-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. |
|
15 |
CVE-2022-38625 |
345 |
|
|
2022-08-29 |
2022-09-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** DISPUTED ** Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position is that this is a design choice, not a vulnerability. |
|
16 |
CVE-2022-38571 |
787 |
|
Overflow |
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem. |
|
17 |
CVE-2022-38570 |
787 |
|
DoS Overflow |
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter. |
|
18 |
CVE-2022-38569 |
787 |
|
Overflow |
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd. |
|
19 |
CVE-2022-38568 |
787 |
|
DoS Overflow |
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter. |
|
20 |
CVE-2022-38567 |
787 |
|
DoS Overflow |
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter. |
|
21 |
CVE-2022-38566 |
787 |
|
DoS Overflow |
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter. |
|
22 |
CVE-2022-38565 |
787 |
|
DoS Overflow |
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter. |
|
23 |
CVE-2022-38564 |
787 |
|
DoS Overflow |
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter. |
|
24 |
CVE-2022-38563 |
787 |
|
DoS Overflow |
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter. |
|
25 |
CVE-2022-38562 |
787 |
|
DoS Overflow |
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter. |
|
26 |
CVE-2022-38557 |
798 |
|
|
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. |
|
27 |
CVE-2022-38556 |
798 |
|
|
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. |
|
28 |
CVE-2022-38555 |
787 |
|
Overflow |
2022-08-28 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. |
|
29 |
CVE-2022-38533 |
787 |
|
Overflow |
2022-08-26 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. |
|
30 |
CVE-2022-38511 |
77 |
|
|
2022-08-29 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. |
|
31 |
CVE-2022-38510 |
120 |
|
Overflow |
2022-08-29 |
2022-09-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. |
|
32 |
CVE-2022-38493 |
347 |
|
DoS |
2022-08-20 |
2022-08-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. |
|
33 |
CVE-2022-38463 |
79 |
|
XSS |
2022-08-23 |
2022-08-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. |
|
34 |
CVE-2022-38392 |
|
|
DoS |
2022-08-17 |
2022-08-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported product is Seagate STDT4000100 763649053447. |
|
35 |
CVE-2022-38368 |
287 |
|
|
2022-08-15 |
2022-08-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands. |
|
36 |
CVE-2022-38362 |
|
|
|
2022-08-16 |
2022-08-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. |
|
37 |
CVE-2022-38359 |
352 |
|
CSRF |
2022-08-15 |
2022-08-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?DataTables_Table_0_length=10&user_selected%5B%5D=1&user_mgt_list=delete_user&action=submit by means of a crafted link. |
|
38 |
CVE-2022-38358 |
79 |
|
XSS |
2022-08-15 |
2022-08-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /module/admin_user/add_modify_user.php via the parameters user_name and user_email. |
|
39 |
CVE-2022-38357 |
74 |
|
|
2022-08-15 |
2022-08-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php. |
|
40 |
CVE-2022-38238 |
787 |
|
Overflow |
2022-08-16 |
2022-08-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc. |
|
41 |
CVE-2022-38237 |
787 |
|
Overflow |
2022-08-16 |
2022-08-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc. |
|
42 |
CVE-2022-38236 |
120 |
|
Overflow |
2022-08-16 |
2022-08-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc. |
|
43 |
CVE-2022-38235 |
754 |
|
|
2022-08-16 |
2022-08-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. |
|
44 |
CVE-2022-38234 |
754 |
|
|
2022-08-16 |
2022-08-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc. |
|
45 |
CVE-2022-38233 |
754 |
|
|
2022-08-16 |
2022-08-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc. |
|
46 |
CVE-2022-38231 |
787 |
|
Overflow |
2022-08-16 |
2022-08-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc. |
|
47 |
CVE-2022-38230 |
697 |
|
|
2022-08-16 |
2022-08-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc. |
|
48 |
CVE-2022-38229 |
787 |
|
Overflow |
2022-08-16 |
2022-08-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. |
|
49 |
CVE-2022-38228 |
787 |
|
Overflow |
2022-08-16 |
2022-08-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. |
|
50 |
CVE-2022-38227 |
787 |
|
Overflow |
2022-08-16 |
2022-08-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp. |
