Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33918 | 1 Dell | 1 Geodrive | 2022-10-14 | N/A | 5.5 MEDIUM |
| Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information. | |||||
| CVE-2022-33921 | 1 Dell | 1 Geodrive | 2022-10-14 | N/A | 7.8 HIGH |
| Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | |||||
| CVE-2022-33920 | 1 Dell | 1 Geodrive | 2022-10-14 | N/A | 7.8 HIGH |
| Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | |||||
| CVE-2022-33922 | 1 Dell | 1 Geodrive | 2022-10-14 | N/A | 7.8 HIGH |
| Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2022-33937 | 1 Dell | 1 Geodrive | 2022-10-14 | N/A | 7.1 HIGH |
| Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM. | |||||
| CVE-2022-35136 | 1 Boodskap | 1 Iot Platform | 2022-10-14 | N/A | 6.5 MEDIUM |
| Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. | |||||
| CVE-2022-35135 | 1 Boodskap | 1 Iot Platform | 2022-10-14 | N/A | 8.8 HIGH |
| Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. | |||||
| CVE-2022-34426 | 1 Dell | 1 Container Storage Modules | 2022-10-14 | N/A | 8.8 HIGH |
| Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory. | |||||
| CVE-2022-35134 | 1 Boodskap | 1 Iot Platform | 2022-10-14 | N/A | 5.4 MEDIUM |
| Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-35612 | 1 Bevywise | 1 Mqttroute | 2022-10-14 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. | |||||
| CVE-2022-41534 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-14 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41533 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-10-14 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-39300 | 1 Node Saml Project | 1 Node Saml | 2022-10-14 | N/A | 8.1 HIGH |
| node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g. without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround. | |||||
| CVE-2022-35080 | 1 Swftools | 1 Swftools | 2022-10-14 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c. | |||||
| CVE-2021-21255 | 1 Glpi-project | 1 Glpi | 2022-10-14 | 3.5 LOW | 5.7 MEDIUM |
| GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4. | |||||
| CVE-2022-0836 | 1 Semadatacoop | 1 Sema Api | 2022-10-14 | 7.5 HIGH | 9.8 CRITICAL |
| The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users. | |||||
| CVE-2022-0854 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-10-14 | 2.1 LOW | 5.5 MEDIUM |
| A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. | |||||
| CVE-2022-1328 | 3 Debian, Fedoraproject, Mutt | 3 Debian Linux, Fedora, Mutt | 2022-10-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line. | |||||
| CVE-2022-26874 | 2 Debian, Horde | 2 Debian Linux, Horde Mime Viewer | 2022-10-14 | 3.5 LOW | 5.4 MEDIUM |
| lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. | |||||
| CVE-2022-1734 | 3 Debian, Linux, Netapp | 18 Debian Linux, Linux Kernel, H300e and 15 more | 2022-10-14 | 4.4 MEDIUM | 7.0 HIGH |
| A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | |||||
