Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5799 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-5795 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. | |||||
| CVE-2019-5798 | 6 Canonical, Debian, Google and 3 more | 7 Ubuntu Linux, Debian Linux, Chrome and 4 more | 2022-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2019-5793 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. | |||||
| CVE-2019-5792 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. | |||||
| CVE-2019-5791 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2019-5790 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2019-5789 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 9.3 HIGH | 8.8 HIGH |
| An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2019-5788 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 9.3 HIGH | 8.8 HIGH |
| An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2022-39853 | 2 Google, Qualcomm | 3 Android, Sm8150, Sm8250 | 2022-10-11 | N/A | 7.8 HIGH |
| A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. | |||||
| CVE-2019-5787 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 9.3 HIGH | 8.8 HIGH |
| Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5820 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-11 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2022-39289 | 1 Zoneminder | 1 Zoneminder | 2022-10-11 | N/A | 7.5 HIGH |
| ZoneMinder is a free, open source closed-circuit television software application. In affected versions the ZoneMinder API exposes database log contents to users without privileges and allows insertion, modification, and deletion of logs without System privileges. Users are advised to upgrade as soon as possible. Users unable to upgrade should disable database logging. | |||||
| CVE-2022-31681 | 1 Vmware | 2 Cloud Foundation, Esxi | 2022-10-11 | N/A | 6.5 MEDIUM |
| VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host. | |||||
| CVE-2022-31680 | 1 Vmware | 1 Vcenter Server | 2022-10-11 | N/A | 9.1 CRITICAL |
| The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. | |||||
| CVE-2022-39285 | 1 Zoneminder | 1 Zoneminder | 2022-10-11 | N/A | 5.4 MEDIUM |
| ZoneMinder is a free, open source closed-circuit television software application. The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the "view=log" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging. | |||||
| CVE-2022-39287 | 1 Tiny-csrf Project | 1 Tiny-csrf | 2022-10-11 | N/A | 6.5 MEDIUM |
| tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch will be included in version 1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-41379 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2022-10-11 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41414 | 1 Liferay | 1 Liferay Portal | 2022-10-11 | N/A | 5.3 MEDIUM |
| An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. | |||||
| CVE-2022-33139 | 1 Siemens | 1 Wincc Open Architecture | 2022-10-11 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. | |||||
