Total
193630 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31780 | 1 Apache | 1 Traffic Server | 2022-08-19 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2022-31779 | 1 Apache | 1 Traffic Server | 2022-08-19 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2022-28129 | 1 Apache | 1 Traffic Server | 2022-08-19 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2022-25763 | 1 Apache | 1 Traffic Server | 2022-08-19 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2021-37150 | 1 Apache | 1 Traffic Server | 2022-08-19 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2022-30262 | 1 Emerson | 4 Controlwave Micro, Controlwave Micro Firmware, Controlwave Pac and 1 more | 2022-08-19 | N/A | 7.8 HIGH |
| The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks. | |||||
| CVE-2022-36030 | 2022-08-19 | N/A | N/A | ||
| Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available. | |||||
| CVE-2022-35692 | 2022-08-19 | N/A | 5.3 MEDIUM | ||
| Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user's account detials. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-35554 | 2022-08-19 | N/A | N/A | ||
| Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side. | |||||
| CVE-2022-2793 | 2022-08-19 | N/A | N/A | ||
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol. | |||||
| CVE-2022-2792 | 2022-08-19 | N/A | N/A | ||
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. | |||||
| CVE-2022-2790 | 2022-08-19 | N/A | N/A | ||
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files). | |||||
| CVE-2022-2789 | 2022-08-19 | N/A | N/A | ||
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic. | |||||
| CVE-2020-27795 | 2022-08-19 | N/A | N/A | ||
| A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn). | |||||
| CVE-2020-27794 | 2022-08-19 | N/A | N/A | ||
| A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | |||||
| CVE-2020-27793 | 2022-08-19 | N/A | N/A | ||
| An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack. | |||||
| CVE-2020-27792 | 2022-08-19 | N/A | N/A | ||
| A heap-based buffer over write vulnerability was found in GhostScript's lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a user to open a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. | |||||
| CVE-2022-36233 | 2022-08-19 | N/A | N/A | ||
| Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd. | |||||
| CVE-2022-36171 | 2022-08-19 | N/A | N/A | ||
| MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. | |||||
| CVE-2022-36157 | 2022-08-19 | N/A | N/A | ||
| XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account. | |||||