Vulnerabilities (CVE)

Total 193415 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44228 11 Apache, Bentley, Cisco and 8 more 156 Log4j, Synchro, Synchro 4d and 153 more 2022-08-17 9.3 HIGH 10.0 CRITICAL
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVE-2022-0996 2 Fedoraproject, Redhat 3 Fedora, 389 Directory Server, Enterprise Linux 2022-08-17 4.0 MEDIUM 6.5 MEDIUM
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
CVE-2022-22455 2022-08-17 N/A N/A
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989.
CVE-2022-35821 1 Microsoft 1 Azure Sphere 2022-08-17 N/A 4.4 MEDIUM
Azure Sphere Information Disclosure Vulnerability.
CVE-2022-36272 1 Mingsoft 1 Mcms 2022-08-17 N/A 9.8 CRITICAL
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
CVE-2022-36191 2022-08-17 N/A N/A
A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.
CVE-2022-38194 1 Esri 1 Portal For Arcgis 2022-08-17 N/A 5.5 MEDIUM
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.
CVE-2022-38193 1 Esri 1 Portal For Arcgis 2022-08-17 N/A 9.6 CRITICAL
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution in a victims browser.
CVE-2022-38192 1 Esri 1 Portal For Arcgis 2022-08-17 N/A 5.4 MEDIUM
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2022-36273 1 Tenda 2 Ac9, Ac9 Firmware 2022-08-17 N/A 9.8 CRITICAL
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.
CVE-2022-34156 1 Hjholdings 1 Hulu 2022-08-17 N/A 4.8 MEDIUM
'Hulu / ????' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.
CVE-2022-33939 1 Yokogawa 14 Centum Cs 3000 Cp31, Centum Cs 3000 Cp31 Firmware, Centum Cs 3000 Cp33 and 11 more 2022-08-17 N/A 7.5 HIGH
CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product.
CVE-2020-1756 1 Moodle 1 Moodle 2022-08-17 N/A 7.2 HIGH
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
CVE-2020-14379 1 Redhat 1 Jboss A-mq 2022-08-17 N/A 5.6 MEDIUM
A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure.
CVE-2022-38149 2022-08-17 N/A N/A
HashiCorp Consul Template through 0.29.1 inserts Sensitive Information into a Log File.
CVE-2022-36190 2022-08-17 N/A N/A
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.
CVE-2022-36186 2022-08-17 N/A N/A
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.
CVE-2022-31262 2022-08-17 N/A N/A
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\ folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
CVE-2022-30262 2022-08-17 N/A N/A
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.
CVE-2022-2845 2022-08-17 N/A N/A
Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217.