Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4802 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2022-10-27 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. | |||||
| CVE-2022-27668 | 1 Sap | 4 Netweaver As Abap, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc and 1 more | 2022-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | |||||
| CVE-2020-28702 | 1 Pybbs Project | 1 Pybbs | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. | |||||
| CVE-2022-29614 | 1 Sap | 2 Host Agent, Netweaver Abap | 2022-10-27 | 4.6 MEDIUM | 5.0 MEDIUM |
| SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | |||||
| CVE-2021-40040 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-10-27 | N/A | 7.5 HIGH |
| Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2021-44518 | 1 Digipas | 1 Egeetouch Manager | 2022-10-27 | 2.9 LOW | 6.8 MEDIUM |
| An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication. | |||||
| CVE-2022-2859 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2858 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. | |||||
| CVE-2022-2857 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2856 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2022-10-27 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | |||||
| CVE-2022-2855 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2853 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-25574 | 1 Douco | 1 Douphp | 2022-10-27 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. | |||||
| CVE-2014-0393 | 5 Canonical, Debian, Mariadb and 2 more | 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more | 2022-10-27 | 3.3 LOW | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB. | |||||
| CVE-2021-43692 | 1 Youtube-php-mirroring Project | 1 Youtube-php-mirroring | 2022-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php. | |||||
| CVE-2021-43696 | 1 Twmap Project | 1 Twmap | 2022-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST then there is a XSS vulnerability. | |||||
| CVE-2022-0507 | 1 Pandorafms | 1 Pandora Fms | 2022-10-27 | 6.5 MEDIUM | 8.8 HIGH |
| Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. | |||||
| CVE-2022-2854 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2621 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2613 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2022-10-27 | N/A | 8.8 HIGH |
| Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||