Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22098 | 1 Qualcomm | 2 Apq8096au, Apq8096au Firmware | 2022-09-08 | N/A | 7.8 HIGH |
| Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto | |||||
| CVE-2022-29053 | 1 Fortinet | 1 Fortios | 2022-09-08 | N/A | 3.3 LOW |
| A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it. | |||||
| CVE-2022-35847 | 1 Fortinet | 1 Fortisoar | 2022-09-08 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. | |||||
| CVE-2022-27491 | 1 Fortinet | 1 Fortios | 2022-09-08 | N/A | 7.5 HIGH |
| A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. | |||||
| CVE-2022-22104 | 1 Qualcomm | 38 Apq8096au, Apq8096au Firmware, Msm8996au and 35 more | 2022-09-08 | N/A | 7.8 HIGH |
| Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto | |||||
| CVE-2022-22106 | 1 Qualcomm | 4 Sa8540p, Sa8540p Firmware, Sa9000p and 1 more | 2022-09-08 | N/A | 7.8 HIGH |
| Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto | |||||
| CVE-2022-36603 | 1 Innosilicon | 2 T3t\+, T3t\+ Firmware | 2022-09-08 | N/A | 8.8 HIGH |
| InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function. | |||||
| CVE-2022-36601 | 1 Jinglemining | 2 Jasminer X4 Server, Jasminer X4 Server Firmware | 2022-09-08 | N/A | 9.8 CRITICAL |
| The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands. | |||||
| CVE-2022-22061 | 1 Qualcomm | 66 Ar8035, Ar8035 Firmware, Qca6390 and 63 more | 2022-09-07 | N/A | 7.8 HIGH |
| Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | |||||
| CVE-2022-32993 | 1 Totolink | 2 A7000r, A7000r Firmware | 2022-09-07 | N/A | 9.8 CRITICAL |
| TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. | |||||
| CVE-2021-25657 | 1 Avaya | 1 Ip Office | 2022-09-07 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | |||||
| CVE-2022-2132 | 4 Debian, Dpdk, Fedoraproject and 1 more | 8 Debian Linux, Data Plane Development Kit, Fedora and 5 more | 2022-09-06 | N/A | 8.6 HIGH |
| A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | |||||
| CVE-2022-36202 | 1 Doctor\'s Appointment System Project | 1 Doctor\'s Appointment System | 2022-09-06 | N/A | 9.8 CRITICAL |
| Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter. | |||||
| CVE-2020-7530 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2022-09-02 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. | |||||
| CVE-2020-7545 | 1 Schneider-electric | 5 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager and 2 more | 2022-09-02 | 6.5 MEDIUM | 7.2 HIGH |
| A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage. | |||||
| CVE-2020-7573 | 1 Schneider-electric | 1 Webreports | 2022-09-02 | 6.4 MEDIUM | 6.5 MEDIUM |
| A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control. | |||||
| CVE-2020-7547 | 1 Schneider-electric | 5 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager and 2 more | 2022-09-02 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level. | |||||
| CVE-2021-27906 | 3 Apache, Fedoraproject, Oracle | 19 Pdfbox, Fedora, Banking Corporate Lending Process Management and 16 more | 2022-09-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | |||||
| CVE-2020-24386 | 3 Debian, Dovecot, Fedoraproject | 3 Debian Linux, Dovecot, Fedora | 2022-09-02 | 4.9 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). | |||||
| CVE-2022-36034 | 1 Nitrado.js Project | 1 Nitrado.js | 2022-09-01 | N/A | 7.5 HIGH |
| nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds. | |||||