Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29429 | 1 Code Snippets Extended Project | 1 Code Snippets Extended | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery. | |||||
| CVE-2020-1951 | 4 Apache, Canonical, Debian and 1 more | 6 Tika, Ubuntu Linux, Debian Linux and 3 more | 2022-10-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. | |||||
| CVE-2020-1950 | 4 Apache, Canonical, Debian and 1 more | 6 Tika, Ubuntu Linux, Debian Linux and 3 more | 2022-10-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. | |||||
| CVE-2020-7478 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled. | |||||
| CVE-2019-9721 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2022-10-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf. | |||||
| CVE-2020-6456 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. | |||||
| CVE-2020-6455 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6445 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-16223 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2022-10-06 | 3.5 LOW | 5.4 MEDIUM |
| WordPress before 5.2.3 allows XSS in post previews by authenticated users. | |||||
| CVE-2020-6452 | 3 Fedoraproject, Google, Opensuse | 4 Fedora, Chrome, Backports and 1 more | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6442 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-6443 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2020-6446 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6441 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | |||||
| CVE-2021-46167 | 1 Wizplat | 2 Pd065, Pd065 Firmware | 2022-10-06 | 4.6 MEDIUM | 7.8 HIGH |
| An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS). | |||||
| CVE-2020-10381 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2022-10-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names. | |||||
| CVE-2019-17052 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2022-10-06 | 2.1 LOW | 3.3 LOW |
| ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. | |||||
| CVE-2020-13765 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2022-10-06 | 6.8 MEDIUM | 5.6 MEDIUM |
| rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. | |||||
| CVE-2020-13904 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2022-10-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. | |||||
| CVE-2020-4040 | 1 Boltcms | 1 Bolt | 2022-10-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1 | |||||