Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2230 | 1 Jenkins | 1 Jenkins | 2022-10-05 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. | |||||
| CVE-2020-2229 | 1 Jenkins | 1 Jenkins | 2022-10-05 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-33888 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2022-10-05 | N/A | 7.8 HIGH |
| A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
| CVE-2022-33887 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2022-10-05 | N/A | 7.8 HIGH |
| A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process. | |||||
| CVE-2022-33886 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2022-10-05 | N/A | 7.8 HIGH |
| A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code. | |||||
| CVE-2022-33885 | 1 Autodesk | 10 Autocad, Autocad Advance Steel, Autocad Architecture and 7 more | 2022-10-05 | N/A | 7.8 HIGH |
| A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution. | |||||
| CVE-2020-6479 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-24349 | 1 F5 | 1 Njs | 2022-10-05 | 2.1 LOW | 5.5 MEDIUM |
| njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface. | |||||
| CVE-2020-12271 | 1 Sophos | 2 Sfos, Xg Firewall | 2022-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords) | |||||
| CVE-2020-12112 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion. | |||||
| CVE-2020-11946 | 1 Zohocorp | 1 Manageengine Opmanager | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. | |||||
| CVE-2020-25359 | 1 Rconfig | 1 Rconfig | 2022-10-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path. | |||||
| CVE-2020-19419 | 1 Emerson | 2 Smart Wireless Gateway 1420, Smart Wireless Gateway 1420 Firmware | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. | |||||
| CVE-2020-25223 | 1 Sophos | 1 Unified Threat Management | 2022-10-05 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | |||||
| CVE-2021-3582 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-10-05 | 2.1 LOW | 6.5 MEDIUM |
| A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-6564 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page. | |||||
| CVE-2020-6563 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Android and 3 more | 2022-10-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. | |||||
| CVE-2021-38153 | 3 Apache, Oracle, Quarkus | 8 Kafka, Communications Brm - Elastic Charging Engine, Communications Cloud Native Core Policy and 5 more | 2022-10-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0. | |||||
| CVE-2021-42013 | 4 Apache, Fedoraproject, Netapp and 1 more | 6 Http Server, Fedora, Cloud Backup and 3 more | 2022-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. | |||||
| CVE-2021-4104 | 4 Apache, Fedoraproject, Oracle and 1 more | 46 Log4j, Fedora, Advanced Supply Chain Planning and 43 more | 2022-10-05 | 6.0 MEDIUM | 7.5 HIGH |
| JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | |||||