Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3286 | 1 Gitlab | 1 Gitlab | 2022-10-20 | N/A | 5.3 MEDIUM |
Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token | |||||
CVE-2022-39052 | 1 Otrs | 1 Otrs | 2022-10-20 | N/A | 6.5 MEDIUM |
An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system | |||||
CVE-2022-3279 | 1 Gitlab | 1 Gitlab | 2022-10-20 | N/A | 6.5 MEDIUM |
An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs | |||||
CVE-2022-3283 | 1 Gitlab | 1 Gitlab | 2022-10-20 | N/A | 7.5 HIGH |
A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Cloning an issue with specially crafted content added to the description could have been used to trigger high CPU usage. | |||||
CVE-2022-3501 | 1 Otrs | 1 Otrs | 2022-10-20 | N/A | 7.5 HIGH |
Article template contents with sensitive data could be accessed from agents without permissions. | |||||
CVE-2022-42975 | 1 Phoenixframework | 1 Phoenix | 2022-10-20 | N/A | 7.5 HIGH |
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. | |||||
CVE-2022-3519 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-10-20 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-211015. | |||||
CVE-2022-41477 | 1 Webidsupport | 1 Webid | 2022-10-20 | N/A | 9.1 CRITICAL |
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. | |||||
CVE-2017-20149 | 1 Mikrotik | 1 Routeros | 2022-10-20 | N/A | 9.8 CRITICAL |
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later. | |||||
CVE-2022-38982 | 1 Huawei | 1 Harmonyos | 2022-10-20 | N/A | 9.8 CRITICAL |
The fingerprint module has service logic errors. Successful exploitation of this vulnerability will cause the phone lock to be cracked. | |||||
CVE-2022-3566 | 1 Linux | 1 Linux Kernel | 2022-10-20 | N/A | 7.1 HIGH |
A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. | |||||
CVE-2022-3563 | 1 Linux | 1 Linux Kernel | 2022-10-20 | N/A | 5.7 MEDIUM |
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability. | |||||
CVE-2022-3338 | 1 Mcafee | 1 Epolicy Orchestrator | 2022-10-20 | N/A | 5.4 MEDIUM |
An XML External Entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API. | |||||
CVE-2022-38980 | 1 Huawei | 1 Harmonyos | 2022-10-20 | N/A | 9.8 CRITICAL |
The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation of this vulnerability may allow attackers to obtain process control permissions. | |||||
CVE-2022-3339 | 1 Mcafee | 1 Epolicy Orchestrator | 2022-10-20 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO. | |||||
CVE-2022-40055 | 1 Gxgroup | 2 Gpon Ont Titanium 2122a, Gpon Ont Titanium 2122a Firmware | 2022-10-20 | N/A | 9.8 CRITICAL |
An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. | |||||
CVE-2022-43023 | 1 Opencats | 1 Opencats | 2022-10-19 | N/A | 6.5 MEDIUM |
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | |||||
CVE-2022-43022 | 1 Opencats | 1 Opencats | 2022-10-19 | N/A | 6.5 MEDIUM |
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. | |||||
CVE-2022-43021 | 1 Opencats | 1 Opencats | 2022-10-19 | N/A | 6.5 MEDIUM |
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. | |||||
CVE-2022-43020 | 1 Opencats | 1 Opencats | 2022-10-19 | N/A | 6.5 MEDIUM |
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function. |