Vulnerabilities (CVE)

Total 200554 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1270 1 Graphicsmagick 1 Graphicsmagick 2022-11-26 N/A 7.8 HIGH
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
CVE-2022-44260 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 8.8 HIGH
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.
CVE-2022-44259 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 8.8 HIGH
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.
CVE-2022-44258 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 8.8 HIGH
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.
CVE-2022-44257 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 8.8 HIGH
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.
CVE-2022-44256 1 Totolink 2 Nr1800x, Nr1800x Firmware 2022-11-26 N/A 8.8 HIGH
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.
CVE-2022-44255 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 9.8 CRITICAL
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.
CVE-2022-44254 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 8.8 HIGH
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.
CVE-2022-44253 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 8.8 HIGH
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.
CVE-2022-44252 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 9.8 CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
CVE-2022-44251 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 9.8 CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.
CVE-2022-44250 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 9.8 CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.
CVE-2022-44249 1 Totolink 2 Lr350, Lr350 Firmware 2022-11-26 N/A 9.8 CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
CVE-2022-44139 1 Apartment Visitors Management System Project 1 Apartment Visitors Management System 2022-11-26 N/A 9.8 CRITICAL
Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.
CVE-2022-45151 2 Fedoraproject, Moodle 2 Fedora, Moodle 2022-11-26 N/A 5.4 MEDIUM
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
CVE-2022-45150 2 Fedoraproject, Moodle 2 Fedora, Moodle 2022-11-26 N/A 6.1 MEDIUM
A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.
CVE-2022-45149 2 Fedoraproject, Moodle 2 Fedora, Moodle 2022-11-26 N/A 5.4 MEDIUM
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.
CVE-2022-45462 1 Apache 1 Alarm Instance Management 2022-11-26 N/A 9.8 CRITICAL
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher
CVE-2022-4045 1 Mattermost 1 Mattermost 2022-11-26 N/A 6.5 MEDIUM
A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.
CVE-2021-46854 1 Proftpd 1 Proftpd 2022-11-26 N/A 7.5 HIGH
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.