CVE.report

CVE.report is the most up-to-date database of common vulnerabilities and exposures. Information is pulled in from several sources and processed into a mobile-friendly, easy-to-use page. Use the site to quickly check for vulnerabilities in products such as operating systems, applications, hardware, networks, databases, browsers, e-mail clients and more.

CVEs provide a unique and common naming scheme for publicly known cyber security vulnerabilities in order to quickly identify and share these vulnerabilities. You can use the search below to look for vulnerabilities based on product, vendor, or common tags.


The form you will see after following this link allows you to fill out the various variables in the CVSS scoring system and receive the corresponding score. The description of each of the variables is also included for additional information.

Recent CVEs
CVE Description Date
CVE-2022-38161 The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted ... Wed, 10 Aug 2022 22:05:09
CVE-2022-38155 TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large le... Wed, 10 Aug 2022 21:03:11
CVE-2022-38150 In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically resta... Wed, 10 Aug 2022 21:02:41
CVE-2021-40040 Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerabili... Wed, 10 Aug 2022 16:47:00
CVE-2021-40034 The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vul... Wed, 10 Aug 2022 16:46:46
CVE-2021-40030 The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality. Wed, 10 Aug 2022 16:46:23
CVE-2021-39696 In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of pr... Wed, 10 Aug 2022 16:46:03
CVE-2021-33646 The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory lea... Wed, 10 Aug 2022 16:45:33
CVE-2021-33645 The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory lea... Wed, 10 Aug 2022 16:45:02
CVE-2021-33644 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) ... Wed, 10 Aug 2022 16:44:32
CVE-2021-33643 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) ... Wed, 10 Aug 2022 16:44:07
CVE-2021-46778 Wed, 10 Aug 2022 16:43:46
CVE-2022-32429 An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies I... Wed, 10 Aug 2022 16:43:28
CVE-2022-32245 SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 430, 430, allows an unauthenticated attacker to... Wed, 10 Aug 2022 16:43:01
CVE-2022-32189 A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.... Wed, 10 Aug 2022 16:42:41
CVE-2022-32148 Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.Rev... Wed, 10 Aug 2022 16:42:18
CVE-2022-31675 VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network a... Wed, 10 Aug 2022 16:42:05
CVE-2022-31674 VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network ac... Wed, 10 Aug 2022 16:41:47
CVE-2022-31673 VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network ac... Wed, 10 Aug 2022 16:41:19
CVE-2022-31672 VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network acces... Wed, 10 Aug 2022 16:40:50
CVE-2022-29804 Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.1... Wed, 10 Aug 2022 16:40:31
CVE-2022-22983 VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor wit... Wed, 10 Aug 2022 16:40:09
CVE-2022-2719 In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation... Wed, 10 Aug 2022 16:39:53
CVE-2022-2634 An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when... Wed, 10 Aug 2022 16:39:38
CVE-2022-2458 XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing o... Wed, 10 Aug 2022 16:39:21
CVE-2022-2457 A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Admi... Wed, 10 Aug 2022 16:39:02
CVE-2022-35697 Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) v... Wed, 10 Aug 2022 16:38:32
CVE-2022-35533 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which lead... Wed, 10 Aug 2022 16:38:07
CVE-2022-35518 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which lea... Wed, 10 Aug 2022 16:37:39
CVE-2022-30635 Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic ... Wed, 10 Aug 2022 16:37:17
CVE-2022-30633 Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due t... Wed, 10 Aug 2022 16:37:03
CVE-2022-30632 Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to st... Wed, 10 Aug 2022 16:36:50
CVE-2022-30631 Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic du... Wed, 10 Aug 2022 16:36:28
CVE-2022-30630 Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exha... Wed, 10 Aug 2022 16:36:08
CVE-2022-30629 Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that ... Wed, 10 Aug 2022 16:35:43
CVE-2022-30580 Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working direct... Wed, 10 Aug 2022 16:35:18
CVE-2022-20361 In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness i... Wed, 10 Aug 2022 16:35:05
CVE-2022-20360 In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation... Wed, 10 Aug 2022 16:34:41
CVE-2022-20359 In various methods of NotificationManagerService.java, there is a possible way to view notifications while lockdown is enable... Wed, 10 Aug 2022 16:34:21
CVE-2022-20358 In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers du... Wed, 10 Aug 2022 16:34:04
CVE-2022-20357 In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead... Wed, 10 Aug 2022 16:33:50
CVE-2022-20356 In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from ... Wed, 10 Aug 2022 16:33:22
CVE-2022-20355 In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to... Wed, 10 Aug 2022 16:33:08
CVE-2022-20354 In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could l... Wed, 10 Aug 2022 16:32:54
CVE-2022-20353 In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input valida... Wed, 10 Aug 2022 16:32:30
CVE-2022-20352 In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request locatio... Wed, 10 Aug 2022 16:32:12
CVE-2022-20350 In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification... Wed, 10 Aug 2022 16:31:52
CVE-2022-20349 In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass d... Wed, 10 Aug 2022 16:31:33
CVE-2022-20348 In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to ... Wed, 10 Aug 2022 16:31:19
CVE-2022-20347 In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This co... Wed, 10 Aug 2022 16:31:05
CVE-2022-20346 In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect ... Wed, 10 Aug 2022 16:30:42
CVE-2022-20345 In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could le... Wed, 10 Aug 2022 16:30:29
CVE-2022-20344 In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race cond... Wed, 10 Aug 2022 16:30:13
CVE-2022-20239 'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_pag... Wed, 10 Aug 2022 16:29:52
CVE-2022-38130 The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used i... Wed, 10 Aug 2022 16:29:23
CVE-2022-38129 A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Ke... Wed, 10 Aug 2022 16:29:06
CVE-2022-35538 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac,... Wed, 10 Aug 2022 16:28:40
CVE-2022-35537 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which l... Wed, 10 Aug 2022 16:28:10
CVE-2022-35536 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which ... Wed, 10 Aug 2022 16:27:57
CVE-2022-35535 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to comma... Wed, 10 Aug 2022 16:27:33
CVE-2022-35534 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, wh... Wed, 10 Aug 2022 16:27:17
CVE-2022-35526 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command inje... Wed, 10 Aug 2022 16:26:46
CVE-2022-35525 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command... Wed, 10 Aug 2022 16:26:32
CVE-2022-35524 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_E... Wed, 10 Aug 2022 16:26:04
CVE-2022-35523 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, w... Wed, 10 Aug 2022 16:25:50
CVE-2022-35522 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_g... Wed, 10 Aug 2022 16:25:31
CVE-2022-35521 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, bl... Wed, 10 Aug 2022 16:25:11
CVE-2022-35520 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden param... Wed, 10 Aug 2022 16:24:57
CVE-2022-35519 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to comma... Wed, 10 Aug 2022 16:24:38
CVE-2022-35517 WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ss... Wed, 10 Aug 2022 16:24:13
CVE-2022-35509 An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitra... Wed, 10 Aug 2022 16:23:53
CVE-2022-35491 TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. Wed, 10 Aug 2022 16:23:33
CVE-2022-35426 UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. Wed, 10 Aug 2022 16:23:20
CVE-2022-35293 Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On su... Wed, 10 Aug 2022 16:23:05
CVE-2022-35290 Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be rest... Wed, 10 Aug 2022 16:22:39
CVE-2022-23238 Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kerne... Wed, 10 Aug 2022 16:22:09
CVE-2022-1962 Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic... Wed, 10 Aug 2022 16:21:54
CVE-2022-1705 Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows ... Wed, 10 Aug 2022 16:21:39
CVE-2022-37024 Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils befo... Wed, 10 Aug 2022 16:21:21
CVE-2022-37008 The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitatio... Wed, 10 Aug 2022 16:21:01
CVE-2022-37007 The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the ava... Wed, 10 Aug 2022 16:20:32
CVE-2022-37006 Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service avai... Wed, 10 Aug 2022 16:20:14
CVE-2022-37005 The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect da... Wed, 10 Aug 2022 16:19:44
CVE-2022-37004 The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this v... Wed, 10 Aug 2022 16:19:15
CVE-2022-37003 The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permissi... Wed, 10 Aug 2022 16:19:00
CVE-2022-37002 The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicio... Wed, 10 Aug 2022 16:18:42
CVE-2022-37001 The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of ... Wed, 10 Aug 2022 16:18:27
CVE-2022-36923 Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyze... Wed, 10 Aug 2022 16:18:09
CVE-2022-36750 Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=. Wed, 10 Aug 2022 16:17:51
CVE-2022-36270 Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php. Wed, 10 Aug 2022 16:17:37
CVE-2022-28881 A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain Wit... Wed, 10 Aug 2022 16:17:24
CVE-2022-28131 Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic du... Wed, 10 Aug 2022 16:17:05
CVE-2022-25793 A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the l... Wed, 10 Aug 2022 16:16:53
CVE-2022-35715 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technica... Wed, 10 Aug 2022 12:55:01
CVE-2022-35280 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default... Wed, 10 Aug 2022 12:54:41
CVE-2022-22490 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credent... Wed, 10 Aug 2022 12:54:20
CVE-2022-22411 IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the ... Wed, 10 Aug 2022 12:53:58
CVE-2022-22369 IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to cra... Wed, 10 Aug 2022 12:53:38
CVE-2022-34365 WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to g... Wed, 10 Aug 2022 12:40:28
CVE-2022-33931 Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no acces... Wed, 10 Aug 2022 12:39:58
© CVE.report 2022

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
