Total
196854 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35036 | 1 Zyxel | 62 Ax7501-b0, Ax7501-b0 Firmware, Dx3301-t0 and 59 more | 2022-09-30 | 3.5 LOW | 6.5 MEDIUM |
| A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file. | |||||
| CVE-2022-38222 | 1 Xpdfreader | 1 Xpdf | 2022-09-30 | N/A | 7.8 HIGH |
| There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. | |||||
| CVE-2022-2962 | 1 Qemu | 1 Qemu | 2022-09-30 | N/A | 7.8 HIGH |
| A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | |||||
| CVE-2022-1725 | 1 Vim | 1 Vim | 2022-09-30 | N/A | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. | |||||
| CVE-2022-41975 | 2022-09-30 | N/A | N/A | ||
| RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. | |||||
| CVE-2022-41870 | 2022-09-30 | N/A | N/A | ||
| AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. | |||||
| CVE-2022-40944 | 2022-09-30 | N/A | N/A | ||
| Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. | |||||
| CVE-2021-33354 | 2022-09-30 | N/A | N/A | ||
| Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. | |||||
| CVE-2022-40912 | 1 Etaplighting | 1 Etap Safety Manager | 2022-09-30 | N/A | 6.1 MEDIUM |
| ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site. | |||||
| CVE-2022-39817 | 1 Nokia | 1 1350 Optical Management System | 2022-09-30 | N/A | 8.8 HIGH |
| In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. | |||||
| CVE-2022-38539 | 1 Archerydms | 1 Archery | 2022-09-30 | N/A | 9.8 CRITICAL |
| Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. | |||||
| CVE-2022-23055 | 1 Frappe | 1 Erpnext | 2022-09-30 | 5.5 MEDIUM | 5.4 MEDIUM |
| In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users. | |||||
| CVE-2022-23716 | 1 Elastic | 1 Elastic Cloud Enterprise | 2022-09-30 | N/A | 5.3 MEDIUM |
| A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | |||||
| CVE-2022-31367 | 1 Strapi | 1 Strapi | 2022-09-30 | N/A | 8.8 HIGH |
| Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses. | |||||
| CVE-2022-30075 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2022-09-30 | 6.5 MEDIUM | 8.8 HIGH |
| In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. | |||||
| CVE-2022-0790 | 1 Google | 1 Chrome | 2022-09-30 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2022-32799 | 1 Apple | 1 Macos | 2022-09-30 | N/A | 5.9 MEDIUM |
| An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information. | |||||
| CVE-2022-31628 | 1 Php | 1 Php | 2022-09-30 | N/A | 5.5 MEDIUM |
| In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. | |||||
| CVE-2022-40316 | 2022-09-30 | N/A | N/A | ||
| The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | |||||
| CVE-2022-40315 | 2022-09-30 | N/A | N/A | ||
| A limited SQL injection risk was identified in the "browse list of users" site administration page. | |||||