Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41975 | 2 Microsoft, Realvnc | 3 Windows, Vnc Server, Vnc Viewer | 2022-10-04 | N/A | 7.8 HIGH |
RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. | |||||
CVE-2022-40944 | 1 Dairy Farm Shop Management System Project | 1 Dairy Farm Shop Management System | 2022-10-04 | N/A | 9.8 CRITICAL |
Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. | |||||
CVE-2021-33354 | 1 Htmly | 1 Htmly | 2022-10-04 | N/A | 8.1 HIGH |
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. | |||||
CVE-2022-40316 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-10-04 | N/A | 4.3 MEDIUM |
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | |||||
CVE-2022-40315 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-10-04 | N/A | 9.8 CRITICAL |
A limited SQL injection risk was identified in the "browse list of users" site administration page. | |||||
CVE-2022-40314 | 1 Moodle | 1 Moodle | 2022-10-04 | N/A | 9.8 CRITICAL |
A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | |||||
CVE-2022-40943 | 1 Dairy Farm Shop Management System Project | 1 Dairy Farm Shop Management System | 2022-10-04 | N/A | 9.8 CRITICAL |
Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. | |||||
CVE-2022-41440 | 1 Billing System Project Project | 1 Billing System Project | 2022-10-04 | N/A | 7.2 HIGH |
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php. | |||||
CVE-2021-36830 | 1 Comment Guestbook Project | 1 Comment Guestbook | 2022-10-04 | N/A | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress. | |||||
CVE-2022-41439 | 1 Billing System Project Project | 1 Billing System Project | 2022-10-04 | N/A | 7.2 HIGH |
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php. | |||||
CVE-2022-41437 | 1 Billing System Project Project | 1 Billing System Project | 2022-10-04 | N/A | 7.2 HIGH |
Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. | |||||
CVE-2022-23726 | 1 Pingidentity | 1 Pingcentral | 2022-10-04 | N/A | 4.9 MEDIUM |
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. | |||||
CVE-2022-3371 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-04 | N/A | 7.5 HIGH |
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | |||||
CVE-2022-37461 | 1 Canon | 1 Medical Vitrea View | 2022-10-04 | N/A | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information. | |||||
CVE-2022-2529 | 1 Cloudflare | 1 Goflow | 2022-10-04 | N/A | 7.5 HIGH |
sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service. | |||||
CVE-2022-2922 | 1 Dnnsoftware | 1 Dotnetnuke | 2022-10-04 | N/A | 4.9 MEDIUM |
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | |||||
CVE-2022-41848 | 1 Linux | 1 Linux Kernel | 2022-10-04 | N/A | 4.2 MEDIUM |
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. | |||||
CVE-2020-28017 | 1 Exim | 1 Exim | 2022-10-04 | 7.5 HIGH | 9.8 CRITICAL |
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption. | |||||
CVE-2020-29652 | 1 Golang | 1 Ssh | 2022-10-04 | 5.0 MEDIUM | 7.5 HIGH |
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | |||||
CVE-2021-42767 | 1 Neo4j | 1 Awesome Procedures | 2022-10-04 | 6.4 MEDIUM | 9.1 CRITICAL |
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1. |