Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40809 | 1 Democritus Dicts Project | 1 Democritus Dicts | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 | |||||
| CVE-2022-40810 | 1 Democritus Ip Addresses Project | 1 Democritus Ip Addresses | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 | |||||
| CVE-2022-40812 | 1 Democritus Pdfs Project | 1 Democritus Pdfs | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
| CVE-2022-36851 | 1 Samsung | 1 Samsung Pass | 2022-09-21 | N/A | 4.6 MEDIUM |
| Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. | |||||
| CVE-2022-36865 | 2 Google, Samsung | 2 Android, Group Sharing | 2022-09-21 | N/A | 3.3 LOW |
| Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. | |||||
| CVE-2022-36864 | 1 Samsung | 1 Samsung Email | 2022-09-21 | N/A | 7.8 HIGH |
| Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior. | |||||
| CVE-2022-36866 | 2 Google, Samsung | 2 Android, Group Sharing | 2022-09-21 | N/A | 3.3 LOW |
| Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | |||||
| CVE-2006-5752 | 4 Apache, Canonical, Fedoraproject and 1 more | 7 Http Server, Ubuntu Linux, Fedora and 4 more | 2022-09-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. | |||||
| CVE-2022-23768 | 1 Neoinfosys | 2 Nis-hap11ac, Nis-hap11ac Firmware | 2022-09-21 | N/A | 9.8 CRITICAL |
| This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device. | |||||
| CVE-2022-28758 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2022-09-21 | N/A | 8.2 HIGH |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | |||||
| CVE-2022-39217 | 1 Ghas-to-csv Project | 1 Ghas-to-csv | 2022-09-21 | N/A | 9.8 CRITICAL |
| some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue. | |||||
| CVE-2022-40811 | 1 Democritus Urls Project | 1 Democritus Urls | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
| CVE-2022-40808 | 1 Democritus Dates Project | 1 Democritus Dates | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 | |||||
| CVE-2022-40806 | 1 Democritus Uuids Project | 1 Democritus Uuids | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 | |||||
| CVE-2022-40807 | 1 Democritus Domains Project | 1 Democritus Domains | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 | |||||
| CVE-2022-40427 | 1 Democritus Domains Project | 1 Democritus Domains | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0 | |||||
| CVE-2022-40805 | 1 Democritus Urls Project | 1 Democritus Urls | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-hypothesis package. | |||||
| CVE-2022-40424 | 1 Democritus Urls Project | 1 Democritus Urls | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking package. The affected version of d8s-urls is 0.1.0 | |||||
| CVE-2022-38880 | 1 Democritus Urls Project | 1 Democritus Urls | 2022-09-21 | N/A | 9.8 CRITICAL |
| The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0. | |||||
| CVE-2022-39010 | 1 Huawei | 2 Emui, Harmonyos | 2022-09-21 | N/A | 7.5 HIGH |
| The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information. | |||||