Vulnerabilities (CVE)

Total 196854 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35036 1 Zyxel 62 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 59 more 2022-09-30 3.5 LOW 6.5 MEDIUM
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file.
CVE-2022-38222 1 Xpdfreader 1 Xpdf 2022-09-30 N/A 7.8 HIGH
There is a use-after-free issue in JBIG2Stream::close() located in in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
CVE-2022-2962 1 Qemu 1 Qemu 2022-09-30 N/A 7.8 HIGH
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2022-1725 1 Vim 1 Vim 2022-09-30 N/A 5.5 MEDIUM
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
CVE-2022-41975 2022-09-30 N/A N/A
RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.
CVE-2022-41870 2022-09-30 N/A N/A
AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.
CVE-2022-40944 2022-09-30 N/A N/A
Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.
CVE-2021-33354 2022-09-30 N/A N/A
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter.
CVE-2022-40912 1 Etaplighting 1 Etap Safety Manager 2022-09-30 N/A 6.1 MEDIUM
ETAP Lighting International NV ETAP Safety Manager is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.
CVE-2022-39817 1 Nokia 1 1350 Optical Management System 2022-09-30 N/A 8.8 HIGH
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database.
CVE-2022-38539 1 Archerydms 1 Archery 2022-09-30 N/A 9.8 CRITICAL
Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.
CVE-2022-23055 1 Frappe 1 Erpnext 2022-09-30 5.5 MEDIUM 5.4 MEDIUM
In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users.
CVE-2022-23716 1 Elastic 1 Elastic Cloud Enterprise 2022-09-30 N/A 5.3 MEDIUM
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.
CVE-2022-31367 1 Strapi 1 Strapi 2022-09-30 N/A 8.8 HIGH
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.
CVE-2022-30075 1 Tp-link 2 Archer Ax50, Archer Ax50 Firmware 2022-09-30 6.5 MEDIUM 8.8 HIGH
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.
CVE-2022-0790 1 Google 1 Chrome 2022-09-30 6.8 MEDIUM 9.6 CRITICAL
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-32799 1 Apple 1 Macos 2022-09-30 N/A 5.9 MEDIUM
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information.
CVE-2022-31628 1 Php 1 Php 2022-09-30 N/A 5.5 MEDIUM
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
CVE-2022-40316 2022-09-30 N/A N/A
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
CVE-2022-40315 2022-09-30 N/A N/A
A limited SQL injection risk was identified in the "browse list of users" site administration page.