Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32593 | 2 Google, Mediatek | 2 Android, Mt6983 | 2022-10-12 | N/A | 6.7 MEDIUM |
| In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493. | |||||
| CVE-2022-36363 | 1 Siemens | 4 Logo\!8 Bm, Logo\!8 Bm Fs-05, Logo\!8 Bm Fs-05 Firmware and 1 more | 2022-10-12 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory. | |||||
| CVE-2021-41945 | 1 Encode | 1 Httpx | 2022-10-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. | |||||
| CVE-2022-39291 | 1 Zoneminder | 1 Zoneminder | 2022-10-11 | N/A | 5.4 MEDIUM |
| ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the "/zm/index.php" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-26475 | 3 Google, Linuxfoundation, Mediatek | 42 Android, Yocto, Mt6761 and 39 more | 2022-10-11 | N/A | 6.7 MEDIUM |
| In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743. | |||||
| CVE-2019-5801 | 3 Apple, Google, Opensuse | 4 Iphone Os, Chrome, Backports and 1 more | 2022-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-5803 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5800 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5799 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5793 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. | |||||
| CVE-2021-44418 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-10-07 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44396 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-10-07 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-1271 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Gzip, Jboss Data Grid | 2022-10-07 | N/A | 8.8 HIGH |
| An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. | |||||
| CVE-2020-6425 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2022-10-07 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. | |||||
| CVE-2022-20625 | 1 Cisco | 110 Firepower 4110, Firepower 4112, Firepower 4115 and 107 more | 2022-10-06 | 6.1 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart. | |||||
| CVE-2022-23626 | 1 Blog Project | 1 Blog | 2022-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | |||||
| CVE-2020-27844 | 3 Debian, Oracle, Uclouvain | 3 Debian Linux, Outside In Technology, Openjpeg | 2022-10-06 | 8.3 HIGH | 7.8 HIGH |
| A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2022-22589 | 1 Apple | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. | |||||
| CVE-2017-0888 | 1 Nextcloud | 2 Nextcloud, Nextcloud Server | 2022-10-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information. | |||||
| CVE-2021-45105 | 5 Apache, Debian, Netapp and 2 more | 121 Log4j, Debian Linux, Cloud Manager and 118 more | 2022-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. | |||||