Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40341 | 1 Mojoportal | 1 Mojoportal | 2022-10-05 | N/A | 8.8 HIGH |
| mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. | |||||
| CVE-2022-40756 | 1 Actian | 2 Psql, Zen | 2022-10-05 | N/A | 8.8 HIGH |
| If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database. | |||||
| CVE-2022-40923 | 1 Lief-project | 1 Lief | 2022-10-05 | N/A | 6.5 MEDIUM |
| A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | |||||
| CVE-2022-39232 | 1 Discourse | 1 Discourse | 2022-10-05 | N/A | 4.3 MEDIUM |
| Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console. | |||||
| CVE-2020-10006 | 1 Apple | 1 Mac Os X | 2022-10-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files. | |||||
| CVE-2020-13528 | 1 Lantronix | 2 Xport Edge, Xport Edge Firmware | 2022-10-05 | 2.6 LOW | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability. | |||||
| CVE-2020-13497 | 2 Apple, Pixar | 2 Macos, Openusd | 2022-10-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | |||||
| CVE-2022-34428 | 1 Dell | 1 Hybrid Client | 2022-10-05 | N/A | 2.7 LOW |
| Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. | |||||
| CVE-2022-34429 | 1 Dell | 1 Hybrid Client | 2022-10-05 | N/A | 7.1 HIGH |
| Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | |||||
| CVE-2020-13494 | 2 Apple, Pixar | 2 Macos, Openusd | 2022-10-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file. | |||||
| CVE-2020-19305 | 1 Metinfo | 1 Metinfo | 2022-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges. | |||||
| CVE-2022-0788 | 1 Wpmet | 1 Wp Fundraising Donation And Crowdfunding Platform | 2022-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users | |||||
| CVE-2022-31751 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-10-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability. | |||||
| CVE-2022-1998 | 4 Fedoraproject, Linux, Netapp and 1 more | 13 Fedora, Linux Kernel, H300s and 10 more | 2022-10-05 | 7.2 HIGH | 7.8 HIGH |
| A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |||||
| CVE-2022-29617 | 1 Sap | 1 Contributor License Agreement Assistant | 2022-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. | |||||
| CVE-2022-23712 | 1 Elastic | 1 Elasticsearch | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. | |||||
| CVE-2022-1593 | 1 Site Offline Or Coming Soon Project | 1 Site Offline Or Coming Soon | 2022-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack | |||||
| CVE-2022-30184 | 3 Apple, Fedoraproject, Microsoft | 7 Macos, Fedora, .net and 4 more | 2022-10-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| .NET and Visual Studio Information Disclosure Vulnerability. | |||||
| CVE-2022-30165 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability. | |||||
| CVE-2022-31762 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-10-05 | 4.6 MEDIUM | 7.8 HIGH |
| The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation. | |||||