Total
22706 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13517 | 1 Nzxt | 1 Cam | 2022-09-12 | 2.1 LOW | 5.5 MEDIUM |
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
CVE-2020-13516 | 1 Nzxt | 1 Cam | 2022-09-12 | 2.1 LOW | 6.5 MEDIUM |
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
CVE-2020-13518 | 1 Nzxt | 1 Cam | 2022-09-12 | 2.1 LOW | 6.5 MEDIUM |
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
CVE-2022-36079 | 1 Parseplatform | 1 Parse-server | 2022-09-12 | N/A | 7.5 HIGH |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are removed by Parse Server and are only returned to the client using a valid master key. However, using query constraints, these fields can be guessed by enumerating until Parse Server, prior to versions 4.10.14 or 5.2.5, returns a response object. The patch available in versions 4.10.14 and 5.2.5 requires the master key to use internal and protected fields as query constraints. As a workaround, implement a Parse Cloud Trigger `beforeFind` and manually remove the query constraints. | |||||
CVE-2022-36082 | 1 Mangadex-downloader Project | 1 Mangadex-downloader | 2022-09-12 | N/A | 5.3 MEDIUM |
mangadex-downloader is a command-line tool to download manga from MangaDex. When using `file:<location>` command and `<location>` is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains a patch for this issue. | |||||
CVE-2022-37777 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2022-09-12 | N/A | 7.2 HIGH |
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function. | |||||
CVE-2022-37778 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2022-09-12 | N/A | 7.2 HIGH |
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function. | |||||
CVE-2022-37779 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2022-09-12 | N/A | 7.2 HIGH |
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function. | |||||
CVE-2022-23684 | 1 Arubanetworks | 13 Aos-cx, Cx 10000, Cx 4100i and 10 more | 2022-09-12 | N/A | 8.8 HIGH |
A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate privileges beyond their authorized level in ArubaOS-CX Switches version(s): AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX 10.08.xxxx: 10.08.1060 and below, AOS-CX 10.06.xxxx: 10.06.0200 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability. | |||||
CVE-2008-2578 | 1 Oracle | 1 Weblogic Server | 2022-09-12 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors. | |||||
CVE-2008-2577 | 1 Oracle | 1 Weblogic Server | 2022-09-12 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors. | |||||
CVE-2021-26414 | 1 Microsoft | 10 Windows 10, Windows 7, Windows 8.1 and 7 more | 2022-09-11 | 4.3 MEDIUM | 6.5 MEDIUM |
Windows DCOM Server Security Feature Bypass | |||||
CVE-2022-36853 | 1 Google | 1 Android | 2022-09-09 | N/A | 7.5 HIGH |
Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information. | |||||
CVE-2022-36856 | 1 Google | 1 Android | 2022-09-09 | N/A | 3.3 LOW |
Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. | |||||
CVE-2022-31790 | 1 Watchguard | 1 Fireware | 2022-09-09 | N/A | 7.5 HIGH |
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. | |||||
CVE-2022-31791 | 1 Watchguard | 1 Fireware | 2022-09-09 | N/A | 7.8 HIGH |
WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. | |||||
CVE-2021-46665 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2022-09-09 | 2.1 LOW | 5.5 MEDIUM |
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. | |||||
CVE-2021-26337 | 1 Amd | 224 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 221 more | 2022-09-09 | 2.1 LOW | 5.5 MEDIUM |
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. | |||||
CVE-2022-22592 | 1 Apple | 6 Ipados, Iphone, Macos and 3 more | 2022-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | |||||
CVE-2022-21151 | 3 Debian, Intel, Netapp | 796 Debian Linux, Celeron J1750, Celeron J1750 Firmware and 793 more | 2022-09-09 | 2.1 LOW | 5.5 MEDIUM |
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |