Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31130 | 1 Grafana | 1 Grafana | 2022-10-17 | N/A | 7.5 HIGH |
| Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with authentication tokens. The destination plugin could receive a user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP Header based authentication. | |||||
| CVE-2022-39295 | 1 Eng | 1 Knowage | 2022-10-17 | N/A | 6.1 MEDIUM |
| Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds. | |||||
| CVE-2022-38540 | 1 Archerydms | 1 Archery | 2022-10-16 | N/A | 9.8 CRITICAL |
| Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. | |||||
| CVE-2022-41390 | 1 Ocomon Project | 1 Ocomon | 2022-10-16 | N/A | 9.8 CRITICAL |
| OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. | |||||
| CVE-2022-41391 | 1 Ocomon Project | 1 Ocomon | 2022-10-16 | N/A | 9.8 CRITICAL |
| OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. | |||||
| CVE-2021-3427 | 1 Deluge-torrent | 1 Deluge | 2022-10-16 | N/A | 6.1 MEDIUM |
| The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user's browser session. | |||||
| CVE-2022-37049 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-10-16 | N/A | 7.8 HIGH |
| The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. | |||||
| CVE-2022-37048 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-10-16 | N/A | 7.8 HIGH |
| The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. | |||||
| CVE-2022-37047 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-10-16 | N/A | 7.8 HIGH |
| The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. | |||||
| CVE-2022-28487 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2022-27418 | 1 Broadcom | 1 Tcpreplay | 2022-10-16 | 5.1 MEDIUM | 7.8 HIGH |
| Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c. | |||||
| CVE-2022-27416 | 1 Broadcom | 1 Tcpreplay | 2022-10-16 | 5.1 MEDIUM | 7.8 HIGH |
| Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. | |||||
| CVE-2022-27942 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. | |||||
| CVE-2022-27941 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. | |||||
| CVE-2022-27940 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. | |||||
| CVE-2022-27939 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2022-10-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. | |||||
| CVE-2021-3631 | 2 Netapp, Redhat | 4 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt and 1 more | 2022-10-16 | 3.3 LOW | 6.3 MEDIUM |
| A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. | |||||
| CVE-2021-45387 | 1 Broadcom | 1 Tcpreplay | 2022-10-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. | |||||
| CVE-2021-45386 | 1 Broadcom | 1 Tcpreplay | 2022-10-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c. | |||||
| CVE-2021-45948 | 1 Assimp | 1 Assimp | 2022-10-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper). | |||||
