Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 27490 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27971 1 Alpsalpine 1 Touchpad Driver 2022-09-30 7.2 HIGH 7.8 HIGH
Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.
CVE-2022-0530 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2022-09-30 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVE-2020-15768 1 Gradle 2 Enterprise, Enterprise Cache Node 2022-09-30 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers.
CVE-2022-24409 1 Dell 1 Bsafe Ssl-j 2022-09-30 7.5 HIGH 7.5 HIGH
Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.
CVE-2021-40419 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-09-30 5.0 MEDIUM 7.5 HIGH
A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2021-0129 4 Bluez, Debian, Linux and 1 more 4 Bluez, Debian Linux, Linux Kernel and 1 more 2022-09-29 2.7 LOW 5.7 MEDIUM
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
CVE-2022-3054 1 Google 1 Chrome 2022-09-29 N/A 6.5 MEDIUM
Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15334 1 Zyxel 1 Cloudcnm Secumanager 2022-09-29 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
CVE-2011-4820 1 Ibm 1 Rational Asset Manager 2022-09-29 N/A 4.3 MEDIUM
IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences.
CVE-2020-20467 1 White Shark Systems Project 1 White Shark Systems 2022-09-29 6.4 MEDIUM 6.5 MEDIUM
White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task.
CVE-2022-2319 1 X.org 1 Xorg-server 2022-09-29 N/A 7.8 HIGH
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
CVE-2022-27337 3 Debian, Fedoraproject, Freedesktop 3 Debian Linux, Fedora, Poppler 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2021-28694 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2022-09-28 4.6 MEDIUM 6.8 MEDIUM
IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).
CVE-2022-2860 1 Google 1 Chrome 2022-09-28 N/A 6.5 MEDIUM
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
CVE-2022-3290 1 Ikus-soft 1 Rdiffweb 2022-09-28 N/A 7.5 HIGH
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.
CVE-2022-3272 1 Ikus-soft 1 Rdiffweb 2022-09-28 N/A 7.5 HIGH
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.
CVE-2021-3782 1 Wayland 1 Wayland 2022-09-26 N/A 9.8 CRITICAL
An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.
CVE-2022-35621 1 Evohclaimable Project 1 Evohclaimable 2022-09-26 N/A 5.3 MEDIUM
Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers.
CVE-2022-40089 1 Simple College Website Project 1 Simple College Website 2022-09-26 N/A 9.8 CRITICAL
A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On.
CVE-2021-25472 1 Google 1 Android 2022-09-23 2.1 LOW 3.3 LOW
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.