Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1066 | 1 Aethon | 1 Tug Home Base Server | 2022-10-21 | N/A | 8.2 HIGH |
Aethon TUG Home Base Server versions prior to version 24 allow an unauthenticated attacker to freely access hashed user credentials. | |||||
CVE-2022-1059 | 1 Aethon | 1 Tug Home Base Server | 2022-10-21 | N/A | 6.1 MEDIUM |
Aethon TUG Home Base Server versions prior to version 24 allow an unauthenticated attacker to freely access hashed user credentials. | |||||
CVE-2022-42206 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-10-21 | N/A | 5.4 MEDIUM |
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php. | |||||
CVE-2022-42205 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-10-21 | N/A | 5.4 MEDIUM |
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php. | |||||
CVE-2022-39309 | 1 Thoughtworks | 1 Gocd | 2022-10-21 | N/A | 6.5 MEDIUM |
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds. | |||||
CVE-2022-3382 | 1 Hiwin | 1 Robot System Software | 2022-10-21 | N/A | 7.5 HIGH |
HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition. | |||||
CVE-2022-3567 | 1 Linux | 1 Linux Kernel | 2022-10-21 | N/A | 7.1 HIGH |
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. | |||||
CVE-2020-8974 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2022-10-21 | N/A | 9.1 CRITICAL |
In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable. | |||||
CVE-2022-35860 | 1 Corsair | 2 K63, K63 Firmware | 2022-10-21 | N/A | 6.8 MEDIUM |
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions. | |||||
CVE-2016-20017 | 1 Dlink | 2 Dsl-2750b, Dsl-2750b Firmware | 2022-10-21 | N/A | 9.8 CRITICAL |
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. | |||||
CVE-2022-40798 | 1 Ocomon Project | 1 Ocomon | 2022-10-21 | N/A | 7.5 HIGH |
OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request, the user can obtain the real email; by sending the same request with the correct email, account takeover is possible. | |||||
CVE-2022-38901 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-10-21 | N/A | 5.4 MEDIUM |
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of an uploaded SVG file. | |||||
CVE-2022-22078 | 1 Qualcomm | 134 Aqt1000, Aqt1000 Firmware, Ar8035 and 131 more | 2022-10-21 | N/A | 4.6 MEDIUM |
Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
CVE-2022-22077 | 1 Qualcomm | 16 Sd 8 Gen1 5g, Sd 8 Gen1 5g Firmware, Wcd9380 and 13 more | 2022-10-21 | N/A | 7.8 HIGH |
Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile | |||||
CVE-2022-3606 | 1 Linux | 1 Linux Kernel | 2022-10-21 | N/A | 5.5 MEDIUM |
A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability. | |||||
CVE-2022-25660 | 1 Qualcomm | 186 Aqt1000, Aqt1000 Firmware, Ar8035 and 183 more | 2022-10-21 | N/A | 7.8 HIGH |
Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
CVE-2021-21096 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2022-10-21 | 2.1 LOW | 5.5 MEDIUM |
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
CVE-2021-20222 | 1 Redhat | 1 Keycloak | 2022-10-21 | 5.1 MEDIUM | 7.5 HIGH |
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-21045 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-10-21 | 9.3 HIGH | 8.2 HIGH |
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user. | |||||
CVE-2021-21020 | 1 Magento | 1 Magento | 2022-10-21 | 4.3 MEDIUM | 5.3 MEDIUM |
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources. |