Total
193415 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-44228 | 11 Apache, Bentley, Cisco and 8 more | 156 Log4j, Synchro, Synchro 4d and 153 more | 2022-08-17 | 9.3 HIGH | 10.0 CRITICAL |
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | |||||
CVE-2022-0996 | 2 Fedoraproject, Redhat | 3 Fedora, 389 Directory Server, Enterprise Linux | 2022-08-17 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | |||||
CVE-2022-22455 | 2022-08-17 | N/A | N/A | ||
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989. | |||||
CVE-2022-35821 | 1 Microsoft | 1 Azure Sphere | 2022-08-17 | N/A | 4.4 MEDIUM |
Azure Sphere Information Disclosure Vulnerability. | |||||
CVE-2022-36272 | 1 Mingsoft | 1 Mcms | 2022-08-17 | N/A | 9.8 CRITICAL |
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter. | |||||
CVE-2022-36191 | 2022-08-17 | N/A | N/A | ||
A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242. | |||||
CVE-2022-38194 | 1 Esri | 1 Portal For Arcgis | 2022-08-17 | N/A | 5.5 MEDIUM |
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file. | |||||
CVE-2022-38193 | 1 Esri | 1 Portal For Arcgis | 2022-08-17 | N/A | 9.6 CRITICAL |
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution in a victims browser. | |||||
CVE-2022-38192 | 1 Esri | 1 Portal For Arcgis | 2022-08-17 | N/A | 5.4 MEDIUM |
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | |||||
CVE-2022-36273 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-08-17 | N/A | 9.8 CRITICAL |
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg. | |||||
CVE-2022-34156 | 1 Hjholdings | 1 Hulu | 2022-08-17 | N/A | 4.8 MEDIUM |
'Hulu / ????' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | |||||
CVE-2022-33939 | 1 Yokogawa | 14 Centum Cs 3000 Cp31, Centum Cs 3000 Cp31 Firmware, Centum Cs 3000 Cp33 and 11 more | 2022-08-17 | N/A | 7.5 HIGH |
CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product. | |||||
CVE-2020-1756 | 1 Moodle | 1 Moodle | 2022-08-17 | N/A | 7.2 HIGH |
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool. | |||||
CVE-2020-14379 | 1 Redhat | 1 Jboss A-mq | 2022-08-17 | N/A | 5.6 MEDIUM |
A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure. | |||||
CVE-2022-38149 | 2022-08-17 | N/A | N/A | ||
HashiCorp Consul Template through 0.29.1 inserts Sensitive Information into a Log File. | |||||
CVE-2022-36190 | 2022-08-17 | N/A | N/A | ||
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242. | |||||
CVE-2022-36186 | 2022-08-17 | N/A | N/A | ||
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1. | |||||
CVE-2022-31262 | 2022-08-17 | N/A | N/A | ||
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM. | |||||
CVE-2022-30262 | 2022-08-17 | N/A | N/A | ||
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks. | |||||
CVE-2022-2845 | 2022-08-17 | N/A | N/A | ||
Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217. |