Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28774 | 1 Sap | 1 Host Agent | 2022-10-26 | 1.9 LOW | 5.5 MEDIUM |
| Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. | |||||
| CVE-2022-1636 | 1 Google | 2 Android, Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1634 | 1 Google | 2 Android, Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions. | |||||
| CVE-2022-1501 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1500 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 6.5 MEDIUM |
| Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2022-1498 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1496 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. | |||||
| CVE-2022-34007 | 1 Eqs | 1 Integrity Line | 2022-10-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry. | |||||
| CVE-2022-34265 | 1 Djangoproject | 1 Django | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. | |||||
| CVE-2022-32088 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. | |||||
| CVE-2022-32087 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. | |||||
| CVE-2022-32085 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. | |||||
| CVE-2020-23060 | 1 Tonec | 1 Internet Download Manager | 2022-10-26 | 6.6 MEDIUM | 7.1 HIGH |
| Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file. | |||||
| CVE-2022-30192 | 1 Microsoft | 1 Edge Chromium | 2022-10-26 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639. | |||||
| CVE-2022-1327 | 1 Rich-web | 1 Image Gallery | 2022-10-26 | 3.5 LOW | 4.8 MEDIUM |
| The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-20829 | 1 Cisco | 25 Adaptive Security Device Manager, Asa 5512-x, Asa 5512-x Firmware and 22 more | 2022-10-26 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM. Cisco has released and will release software updates that address this vulnerability. | |||||
| CVE-2022-20828 | 1 Cisco | 20 Asa Firepower, Firepower 1010, Firepower 1120 and 17 more | 2022-10-26 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA. | |||||
| CVE-2022-1965 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2022-10-26 | 5.5 MEDIUM | 8.1 HIGH |
| Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required. | |||||
| CVE-2020-23478 | 1 Leoeditor | 1 Leo | 2022-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. | |||||
| CVE-2020-23058 | 1 File Explorer Project | 1 File Explorer | 2022-10-26 | 2.1 LOW | 4.6 MEDIUM |
| An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data. | |||||