Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41846 | 1 Axiosys | 1 Bento4 | 2022-10-03 | N/A | 5.5 MEDIUM |
An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp. | |||||
CVE-2022-41844 | 1 Xpdfreader | 1 Xpdf | 2022-10-03 | N/A | 5.5 MEDIUM |
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088. | |||||
CVE-2022-41843 | 1 Xpdfreader | 1 Xpdf | 2022-10-03 | N/A | 5.5 MEDIUM |
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928. | |||||
CVE-2022-41842 | 1 Xpdfreader | 1 Xpdf | 2022-10-03 | N/A | 5.5 MEDIUM |
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. | |||||
CVE-2022-38732 | 1 Netapp | 1 Snapcenter | 2022-10-03 | N/A | 7.5 HIGH |
SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented. | |||||
CVE-2022-39254 | 1 Matrix-nio Project | 1 Matrix-nio | 2022-10-03 | N/A | 6.5 MEDIUM |
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue. | |||||
CVE-2022-39252 | 1 Matrix | 1 Matrix-rust-sdk | 2022-10-03 | N/A | 7.5 HIGH |
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue. | |||||
CVE-2022-39168 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Robotic Process Automation For Services | 2022-10-03 | N/A | 7.5 HIGH |
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. | |||||
CVE-2022-40931 | 1 Dutchcoders | 1 Transfer.sh | 2022-10-03 | N/A | 6.1 MEDIUM |
dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-40472 | 1 Zktec | 1 Zkbio Time | 2022-10-03 | N/A | 8.0 HIGH |
ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module. | |||||
CVE-2022-29503 | 3 Anker, Uclibc, Uclibc-ng Project | 4 Eufy Homebase 2, Eufy Homebase 2 Firmware, Uclibc and 1 more | 2022-10-03 | N/A | 9.8 CRITICAL |
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability. | |||||
CVE-2022-32170 | 1 Bytebase | 1 Bytebase | 2022-10-03 | N/A | 4.3 MEDIUM |
The “Bytebase” application does not restrict low-privilege users from accessing admin “projects”, so an unauthorized user can view the “projects” created by “Admin”; the affected endpoint is “/api/project?user=${userId}”. | |||||
CVE-2022-32169 | 1 Bytebase | 1 Bytebase | 2022-10-03 | N/A | 4.3 MEDIUM |
The “Bytebase” application does not restrict low-privilege users from accessing “admin issues”, so an unauthorized user can view the “OPEN” and “CLOSED” issues created by “Admin”; the affected endpoint is “/issue”. | |||||
CVE-2022-23006 | 1 Westerndigital | 6 My Cloud Home, My Cloud Home Duo, My Cloud Home Duo Firmware and 3 more | 2022-10-03 | N/A | 6.7 MEDIUM |
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes. | |||||
CVE-2020-27602 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-10-03 | N/A | 9.8 CRITICAL |
BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. | |||||
CVE-2022-41430 | 1 Axiosys | 1 Bento4 | 2022-10-03 | N/A | 8.8 HIGH |
Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. | |||||
CVE-2022-41429 | 1 Axiosys | 1 Bento4 | 2022-10-03 | N/A | 8.8 HIGH |
Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. | |||||
CVE-2020-35674 | 1 Bigprof | 1 Online Invoicing System | 2022-10-03 | N/A | 9.8 CRITICAL |
BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. | |||||
CVE-2022-37193 | 1 Chipolo | 2 Chipolo, Chipolo One | 2022-10-03 | N/A | 7.4 HIGH |
Chipolo ONE Bluetooth tracker (2020) with Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials. | |||||
CVE-2020-35675 | 1 Bigprof | 1 Online Invoicing System | 2022-10-03 | N/A | 8.8 HIGH |
BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to Administrator and effectively taking over the application. | |||||