Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18392 | 1 Cesanta | 1 Mjs | 2022-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. | |||||
| CVE-2020-20951 | 1 Pluck-cms | 1 Pluck | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files. | |||||
| CVE-2020-22034 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2022-10-26 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences. | |||||
| CVE-2020-22033 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2022-10-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. | |||||
| CVE-2022-35821 | 1 Microsoft | 1 Azure Sphere | 2022-10-26 | N/A | 4.4 MEDIUM |
| Azure Sphere Information Disclosure Vulnerability. | |||||
| CVE-2022-23943 | 4 Apache, Debian, Fedoraproject and 1 more | 5 Http Server, Debian Linux, Fedora and 2 more | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. | |||||
| CVE-2022-27191 | 3 Fedoraproject, Golang, Redhat | 5 Extra Packages For Enterprise Linux, Fedora, Ssh and 2 more | 2022-10-26 | 4.3 MEDIUM | 7.5 HIGH |
| The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | |||||
| CVE-2021-21063 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-10-26 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21071 | 2 Adobe, Microsoft | 2 Animate, Windows | 2022-10-26 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-43019 | 2 Adobe, Apple | 2 Creative Cloud Desktop Application, Macos | 2022-10-26 | 9.3 HIGH | 7.8 HIGH |
| Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM . An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability. | |||||
| CVE-2022-38870 | 1 Free5gc | 1 Free5gc | 2022-10-26 | N/A | 7.5 HIGH |
| Free5gc v3.2.1 is vulnerable to Information disclosure. | |||||
| CVE-2022-1852 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2022-10-26 | 2.1 LOW | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. | |||||
| CVE-2022-2078 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2022-10-26 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. | |||||
| CVE-2022-34918 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2022-10-26 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. | |||||
| CVE-2022-37063 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2022-10-26 | N/A | 5.4 MEDIUM |
| All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the attacker to insert malicious JavaScript code. | |||||
| CVE-2022-37062 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2022-10-26 | N/A | 7.5 HIGH |
| All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords. | |||||
| CVE-2022-34255 | 2 Adobe, Magento | 2 Commerce, Magento | 2022-10-26 | N/A | N/A |
| Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to perform an account takeover for a victim. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-2819 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-10-26 | N/A | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. | |||||
| CVE-2022-2818 | 1 Agentejo | 1 Cockpit | 2022-10-26 | N/A | 8.8 HIGH |
| Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2. | |||||
| CVE-2022-32176 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2022-10-26 | N/A | 9.0 CRITICAL |
| In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover. | |||||