Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32540 | 1 Bosch | 3 Bosch Video Management System, Videojet Decoder 7513, Videojet Decoder 7513 Firmware | 2022-10-04 | N/A | 5.9 MEDIUM |
| Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x. | |||||
| CVE-2022-40408 | 1 Feehi | 1 Feehicms | 2022-10-04 | N/A | 5.4 MEDIUM |
| FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. | |||||
| CVE-2017-0886 | 1 Nextcloud | 1 Nextcloud Server | 2022-10-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service. | |||||
| CVE-2017-0887 | 1 Nextcloud | 1 Nextcloud Server | 2022-10-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator. | |||||
| CVE-2021-32728 | 2 Debian, Nextcloud | 2 Debian Linux, Desktop | 2022-10-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. There are no known workarounds aside from upgrading. | |||||
| CVE-2017-0884 | 1 Nextcloud | 1 Nextcloud Server | 2022-10-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for. | |||||
| CVE-2017-0885 | 1 Nextcloud | 1 Nextcloud Server | 2022-10-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages. | |||||
| CVE-2020-8225 | 1 Nextcloud | 1 Desktop | 2022-10-04 | 5.0 MEDIUM | 7.5 HIGH |
| A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | |||||
| CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2022-10-04 | N/A | 8.8 HIGH |
| A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | |||||
| CVE-2022-36965 | 1 Solarwinds | 1 Solarwinds Platform | 2022-10-04 | N/A | 6.1 MEDIUM |
| Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). | |||||
| CVE-2021-36854 | 1 Bookingultrapro | 1 Booking Ultra Pro Appointments Booking Calendar | 2022-10-04 | N/A | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | |||||
| CVE-2022-3364 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-04 | N/A | 7.5 HIGH |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | |||||
| CVE-2021-36855 | 1 Bookingultrapro | 1 Booking Ultra Pro Appointments Booking Calendar | 2022-10-04 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | |||||
| CVE-2021-36839 | 1 Spacexchimp | 1 Social Media Follow Buttons Bar | 2022-10-04 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress. | |||||
| CVE-2022-40407 | 1 Chamilo | 1 Chamilo | 2022-10-04 | N/A | 8.8 HIGH |
| A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. | |||||
| CVE-2022-40475 | 1 Totolink | 2 A860r, A860r Firmware | 2022-10-04 | N/A | 9.8 CRITICAL |
| TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi. | |||||
| CVE-2022-40126 | 1 Clash Project | 1 Clash | 2022-10-04 | N/A | 7.8 HIGH |
| A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. | |||||
| CVE-2022-41845 | 1 Axiosys | 1 Bento4 | 2022-10-03 | N/A | 5.5 MEDIUM |
| An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h. | |||||
| CVE-2022-41841 | 1 Axiosys | 1 Bento4 | 2022-10-03 | N/A | 5.5 MEDIUM |
| An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File. | |||||
| CVE-2022-41847 | 1 Axiosys | 1 Bento4 | 2022-10-03 | N/A | 5.5 MEDIUM |
| An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp. | |||||