Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3067 | 1 Gitlab | 1 Gitlab | 2022-10-19 | N/A | 6.5 MEDIUM |
| An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID. | |||||
| CVE-2022-42168 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2022-10-19 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind. | |||||
| CVE-2022-42167 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2022-10-19 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg. | |||||
| CVE-2022-42166 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2022-10-19 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan. | |||||
| CVE-2022-42165 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2022-10-19 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. | |||||
| CVE-2022-42171 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2022-10-19 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo. | |||||
| CVE-2022-42170 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2022-10-19 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart. | |||||
| CVE-2022-42169 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2022-10-19 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. | |||||
| CVE-2022-42237 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-10-19 | N/A | 9.8 CRITICAL |
| A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. | |||||
| CVE-2017-7517 | 1 Redhat | 1 Openshift | 2022-10-19 | N/A | 3.5 LOW |
| An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject" and then later deletes it, another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance. | |||||
| CVE-2020-25695 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2022-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-25694 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2022-10-19 | 6.8 MEDIUM | 8.1 HIGH |
| A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2022-3066 | 1 Gitlab | 1 Gitlab | 2022-10-19 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project. | |||||
| CVE-2019-14840 | 1 Redhat | 1 Decision Manager | 2022-10-19 | N/A | 7.5 HIGH |
| A flaw was found in the RHDM, where sensitive HTML form fields like Password have auto-complete enabled, which may lead to a leak of credentials. | |||||
| CVE-2019-14841 | 1 Redhat | 2 Decision Manager, Process Automation | 2022-10-19 | N/A | 8.8 HIGH |
| A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. | |||||
| CVE-2019-20933 | 2 Debian, Influxdata | 2 Debian Linux, Influxdb | 2022-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | |||||
| CVE-2020-15436 | 3 Broadcom, Linux, Netapp | 34 Brocade Fabric Operating System Firmware, Linux Kernel, A250 and 31 more | 2022-10-19 | 7.2 HIGH | 6.7 MEDIUM |
| Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | |||||
| CVE-2020-29370 | 2 Linux, Netapp | 10 Linux Kernel, Cloud Backup, H410c and 7 more | 2022-10-19 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. | |||||
| CVE-2020-28941 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2022-10-19 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. | |||||
| CVE-2020-7032 | 1 Avaya | 2 Aura System Manager, Weblm | 2022-10-19 | 5.5 MEDIUM | 6.5 MEDIUM |
| An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. | |||||
