Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17771 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2022-10-07 | 7.2 HIGH | 6.6 MEDIUM |
| Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
| CVE-2018-17769 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2022-10-07 | 7.2 HIGH | 6.6 MEDIUM |
| Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
| CVE-2018-17768 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2022-10-07 | 7.2 HIGH | 6.8 MEDIUM |
| Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
| CVE-2021-27440 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2022-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | |||||
| CVE-2022-25797 | 1 Autodesk | 1 Dwg Trueview | 2022-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. | |||||
| CVE-2021-40159 | 1 Autodesk | 1 Inventor | 2022-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process. | |||||
| CVE-2021-40158 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2022-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
| CVE-2018-17767 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2022-10-07 | 7.2 HIGH | 6.8 MEDIUM |
| Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
| CVE-2022-34709 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-10-07 | N/A | 6.0 MEDIUM |
| Windows Defender Credential Guard Security Feature Bypass Vulnerability. | |||||
| CVE-2022-29148 | 1 Microsoft | 1 Visual Studio 2017 | 2022-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability. | |||||
| CVE-2022-26925 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Windows LSA Spoofing Vulnerability. | |||||
| CVE-2020-7017 | 2 Elasticsearch, Oracle | 4 Kibana, Communications Billing And Revenue Management, Communications Cloud Native Core Network Function Cloud Native Environment and 1 more | 2022-10-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization. | |||||
| CVE-2019-20218 | 4 Canonical, Debian, Oracle and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql Workbench and 1 more | 2022-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | |||||
| CVE-2019-19451 | 3 Fedoraproject, Gnome, Opensuse | 3 Fedora, Dia, Leap | 2022-10-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3. | |||||
| CVE-2019-11338 | 4 Canonical, Debian, Ffmpeg and 1 more | 4 Ubuntu Linux, Debian Linux, Ffmpeg and 1 more | 2022-10-07 | 6.8 MEDIUM | 8.8 HIGH |
| libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. | |||||
| CVE-2021-40556 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2022-10-07 | N/A | 8.8 HIGH |
| A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication. | |||||
| CVE-2021-44418 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-10-07 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdState param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-44396 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-10-07 | 6.8 MEDIUM | 7.7 HIGH |
| A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Preview param is not object. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-33884 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2022-10-07 | N/A | 7.5 HIGH |
| Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
| CVE-2022-31144 | 1 Redis | 1 Redis | 2022-10-07 | N/A | 8.8 HIGH |
| Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result in a heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4. | |||||
