Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7670 | 1 Primasystems | 1 Flexair | 2022-10-21 | 9.0 HIGH | 7.2 HIGH |
| Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system. | |||||
| CVE-2022-25663 | 1 Qualcomm | 62 Aqt1000, Aqt1000 Firmware, Qca1062 and 59 more | 2022-10-21 | N/A | 5.5 MEDIUM |
| Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity | |||||
| CVE-2020-25634 | 1 Redhat | 2 3scale, 3scale Api Management | 2022-10-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected. | |||||
| CVE-2022-2069 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-10-21 | N/A | 7.8 HIGH |
| The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2022-42344 | 2 Adobe, Magento | 2 Commerce, Magento | 2022-10-21 | N/A | 8.8 HIGH |
| Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. | |||||
| CVE-2022-43405 | 1 Jenkins | 1 Groovy Libraries | 2022-10-21 | N/A | 9.9 CRITICAL |
| A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | |||||
| CVE-2022-22235 | 1 Juniper | 29 Junos, Srx100, Srx110 and 26 more | 2022-10-21 | N/A | 7.5 HIGH |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is received with a malformed field in the IP header of GTP encapsulated General Packet Radio Services (GPRS) traffic. The packet needs to match existing state which is outside the attackers control, so the issue cannot be directly exploited. The issue will only be observed when endpoint address validation is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1. | |||||
| CVE-2022-38108 | 1 Solarwinds | 1 Orion Platform | 2022-10-21 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-36966 | 1 Solarwinds | 1 Orion Platform | 2022-10-21 | N/A | 5.4 MEDIUM |
| Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous. | |||||
| CVE-2020-24404 | 1 Magento | 1 Magento | 2022-10-21 | 5.5 MEDIUM | 2.7 LOW |
| Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization. | |||||
| CVE-2020-24403 | 1 Magento | 1 Magento | 2022-10-21 | 4.0 MEDIUM | 2.7 LOW |
| Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API. | |||||
| CVE-2020-24405 | 1 Magento | 1 Magento | 2022-10-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization. | |||||
| CVE-2020-2506 | 1 Qnap | 1 Helpdesk | 2022-10-21 | 7.5 HIGH | 9.8 CRITICAL |
| The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | |||||
| CVE-2020-24441 | 1 Adobe | 1 Acrobat Reader | 2022-10-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application. | |||||
| CVE-2020-24433 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-10-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. | |||||
| CVE-2020-25150 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-10-21 | 9.0 HIGH | 8.8 HIGH |
| A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. | |||||
| CVE-2020-25184 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2022-10-21 | 2.1 LOW | 5.5 MEDIUM |
| Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure. | |||||
| CVE-2022-36957 | 1 Solarwinds | 1 Orion Platform | 2022-10-21 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2022-43408 | 1 Jenkins | 1 Stage View | 2022-10-21 | N/A | 6.5 MEDIUM |
| Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins. | |||||
| CVE-2022-36958 | 1 Solarwinds | 1 Orion Platform | 2022-10-21 | N/A | 8.8 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | |||||