Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by NVD-CWE-Other
Total 27488 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1959 1 Spsoftmobile 1 Applock 2022-10-04 N/A 6.6 MEDIUM
AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.
CVE-2022-20728 1 Cisco 52 Aironet 1542d, Aironet 1542d Firmware, Aironet 1542i and 49 more 2022-10-04 N/A 4.7 MEDIUM
A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.
CVE-2022-2860 1 Google 1 Chrome 2022-10-02 N/A 6.5 MEDIUM
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
CVE-2022-3054 1 Google 1 Chrome 2022-10-02 N/A 6.5 MEDIUM
Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-36879 1 Linux 1 Linux Kernel 2022-10-02 N/A 5.5 MEDIUM
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
CVE-2022-2663 1 Linux 1 Linux Kernel 2022-10-02 N/A 5.3 MEDIUM
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
CVE-2021-4159 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2022-10-02 N/A 4.4 MEDIUM
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.
CVE-2022-40023 2 Debian, Sqlalchemy 2 Debian Linux, Mako 2022-09-30 N/A 7.5 HIGH
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
CVE-2022-36867 1 Samsung 1 Editor Lite 2022-09-30 N/A 5.5 MEDIUM
Improper access control vulnerability in Editor Lite prior to version allows attackers to access sensitive information.
CVE-2022-36869 1 Samsung 1 Contacts Provider 2022-09-30 N/A 6.1 MEDIUM
Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission.
CVE-2021-27971 1 Alpsalpine 1 Touchpad Driver 2022-09-30 7.2 HIGH 7.8 HIGH
Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.
CVE-2022-0530 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2022-09-30 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVE-2020-15768 1 Gradle 2 Enterprise, Enterprise Cache Node 2022-09-29 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers.
CVE-2022-24409 1 Dell 1 Bsafe Ssl-j 2022-09-29 7.5 HIGH 7.5 HIGH
Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.
CVE-2021-40419 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2022-09-29 5.0 MEDIUM 7.5 HIGH
A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2021-0129 4 Bluez, Debian, Linux and 1 more 4 Bluez, Debian Linux, Linux Kernel and 1 more 2022-09-29 2.7 LOW 5.7 MEDIUM
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
CVE-2011-4820 1 Ibm 1 Rational Asset Manager 2022-09-29 N/A 4.3 MEDIUM
IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences.
CVE-2020-15334 1 Zyxel 1 Cloudcnm Secumanager 2022-09-29 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
CVE-2020-20467 1 White Shark Systems Project 1 White Shark Systems 2022-09-29 6.4 MEDIUM 6.5 MEDIUM
White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task.
CVE-2022-2319 1 1 Xorg-server 2022-09-29 N/A 7.8 HIGH
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.