Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23469 | 1 Gmate Project | 1 Gmate | 2022-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin. | |||||
| CVE-2020-23332 | 1 Axiosys | 1 Bento4 | 2022-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS). | |||||
| CVE-2020-23148 | 1 Rconfig | 1 Rconfig | 2022-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. | |||||
| CVE-2020-23376 | 1 5none | 1 Nonecms | 2022-10-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack. | |||||
| CVE-2020-23151 | 1 Rconfig | 1 Rconfig | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. | |||||
| CVE-2020-15591 | 1 Uni-stuttgart | 1 Frams\' Fast File Exchange | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). | |||||
| CVE-2020-22724 | 1 Mercury | 4 Mer1200, Mer1200 Firmware, Mer1200g and 1 more | 2022-10-26 | 10.0 HIGH | 9.8 CRITICAL |
| A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1. | |||||
| CVE-2020-21535 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2022-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. | |||||
| CVE-2020-19155 | 1 Jflyfox | 1 Jfinal Cms | 2022-10-26 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. | |||||
| CVE-2020-19822 | 1 Zzcms | 1 Zzcms | 2022-10-26 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | |||||
| CVE-2020-18898 | 1 Exiv2 | 1 Exiv2 | 2022-10-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. | |||||
| CVE-2022-1635 | 1 Google | 2 Android, Chrome | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. | |||||
| CVE-2022-1633 | 1 Google | 2 Chrome, Chrome Os | 2022-10-26 | N/A | 8.8 HIGH |
| Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions. | |||||
| CVE-2022-1499 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 6.3 MEDIUM |
| Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||||
| CVE-2020-22120 | 1 Txjia | 1 Imcat | 2022-10-26 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. | |||||
| CVE-2022-1497 | 1 Google | 1 Chrome | 2022-10-26 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. | |||||
| CVE-2022-1495 | 1 Google | 2 Android, Chrome | 2022-10-26 | N/A | 4.3 MEDIUM |
| Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. | |||||
| CVE-2022-26307 | 1 Libreoffice | 1 Libreoffice | 2022-10-26 | N/A | 8.8 HIGH |
| LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3. | |||||
| CVE-2022-26306 | 1 Libreoffice | 1 Libreoffice | 2022-10-26 | N/A | 7.5 HIGH |
| LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.1. | |||||
| CVE-2022-2522 | 1 Vim | 1 Vim | 2022-10-26 | N/A | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. | |||||