Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-33897 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-10-25 | N/A | 9.1 CRITICAL |
A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
CVE-2022-24654 | 1 Intelbras | 2 Ata 200, Ata 200 Firmware | 2022-10-25 | N/A | 5.4 MEDIUM |
Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload. | |||||
CVE-2022-31778 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2022-10-25 | N/A | 7.5 HIGH |
Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2. | |||||
CVE-2017-20144 | 1 Anvsoft | 1 Pdf Converter | 2022-10-25 | N/A | 7.8 HIGH |
A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1.7.5.0 and classified as critical. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-2469 | 2 Debian, Gnu | 2 Debian Linux, Gnu Sasl | 2022-10-25 | N/A | 8.1 HIGH |
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client | |||||
CVE-2022-36450 | 1 Obsidian | 1 Obsidian | 2022-10-25 | N/A | 9.8 CRITICAL |
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. | |||||
CVE-2022-35223 | 1 Easyuse | 1 Mailhunter Ultimate | 2022-10-25 | N/A | 9.8 CRITICAL |
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system command or interrupt service. | |||||
CVE-2022-35216 | 1 Omicard Edm Project | 1 Omicard Edm | 2022-10-25 | N/A | 7.5 HIGH |
OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | |||||
CVE-2022-32965 | 1 Omicard Edm Project | 1 Omicard Edm | 2022-10-25 | N/A | 9.8 CRITICAL |
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. | |||||
CVE-2022-32964 | 1 Omicard Edm Project | 1 Omicard Edm | 2022-10-25 | N/A | 9.8 CRITICAL |
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service. | |||||
CVE-2022-32963 | 1 Omicard Edm Project | 1 Omicard Edm | 2022-10-25 | N/A | 7.5 HIGH |
OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | |||||
CVE-2021-0975 | 1 Google | 1 Android | 2022-10-25 | N/A | 5.5 MEDIUM |
In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure of installed packages with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-180104273 | |||||
CVE-2021-46744 | 1 Amd | 198 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 195 more | 2022-10-25 | 2.1 LOW | 6.5 MEDIUM |
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. | |||||
CVE-2022-30333 | 3 Linux, Opengroup, Rarlab | 3 Linux Kernel, Unix, Unrar | 2022-10-25 | 5.0 MEDIUM | 7.5 HIGH |
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. | |||||
CVE-2022-29582 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-10-25 | 6.9 MEDIUM | 7.0 HIGH |
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. | |||||
CVE-2020-12966 | 1 Amd | 214 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 211 more | 2022-10-25 | 2.1 LOW | 5.5 MEDIUM |
AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor. | |||||
CVE-2021-43518 | 2 Fedoraproject, Teeworlds | 2 Fedora, Teeworlds | 2022-10-25 | 6.8 MEDIUM | 7.8 HIGH |
Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution. | |||||
CVE-2017-20135 | 1 Itechscripts | 1 Dating Script | 2022-10-25 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-28219 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2022-10-25 | 7.5 HIGH | 9.8 CRITICAL |
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | |||||
CVE-2022-27359 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2022-10-25 | 4.3 MEDIUM | 5.5 MEDIUM |
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference. |