Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40890 | 1 Open5gs | 1 Open5gs | 2022-10-03 | N/A | 7.5 HIGH |
| A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service. | |||||
| CVE-2021-40692 | 1 Moodle | 1 Moodle | 2022-10-03 | N/A | 4.3 MEDIUM |
| Insufficient capability checks made it possible for teachers to download users outside of their courses. | |||||
| CVE-2020-27601 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-10-03 | N/A | 3.5 LOW |
| In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js. | |||||
| CVE-2021-40693 | 1 Moodle | 1 Moodle | 2022-10-03 | N/A | 6.5 MEDIUM |
| An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | |||||
| CVE-2022-28721 | 1 Hp | 600 1g5m0a, 1g5m0a Firmware, 1k7k6a and 597 more | 2022-10-03 | N/A | 9.8 CRITICAL |
| Certain HP Print Products are potentially vulnerable to Remote Code Execution. | |||||
| CVE-2022-3299 | 1 Open5gs | 1 Open5gs | 2022-10-03 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Open5GS up to 2.4.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library lib/sbi/client.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The name of the patch is 724fa568435dae45ef0c3a48b2aabde052afae88. It is recommended to apply a patch to fix this issue. The identifier VDB-209545 was assigned to this vulnerability. | |||||
| CVE-2022-36159 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2022-10-03 | N/A | 8.8 HIGH |
| Contec FXA3200 version 1.13 and under were discovered to contain a hard-coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in a few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port, then sniff the traffic or inject any malware. | |||||
| CVE-2022-36158 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2022-10-03 | N/A | 8.0 HIGH |
| Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). | |||||
| CVE-2022-27527 | 1 Autodesk | 1 Navisworks | 2022-10-03 | 4.4 MEDIUM | 7.8 HIGH |
| A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020. | |||||
| CVE-2022-27525 | 1 Autodesk | 1 Design Review | 2022-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
| CVE-2021-40167 | 1 Autodesk | 1 Design Review | 2022-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
| CVE-2021-40694 | 1 Moodle | 1 Moodle | 2022-10-03 | N/A | 4.9 MEDIUM |
| Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | |||||
| CVE-2021-40695 | 1 Moodle | 1 Moodle | 2022-10-03 | N/A | 4.3 MEDIUM |
| It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | |||||
| CVE-2022-1480 | | | 2022-10-03 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-2405 | 1 Themehunk | 1 Wp Popup Builder | 2022-10-03 | N/A | 4.3 MEDIUM |
| The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users, such as subscribers, to delete arbitrary Popup. | |||||
| CVE-2022-2404 | 1 Themehunk | 1 Wp Popup Builder | 2022-10-03 | N/A | 6.1 MEDIUM |
| The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2022-3326 | 1 Ikus-soft | 1 Rdiffweb | 2022-10-03 | N/A | 4.3 MEDIUM |
| Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | |||||
| CVE-2022-35888 | 1 Amperecomputing | 6 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 3 more | 2022-10-03 | N/A | 6.5 MEDIUM |
| Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system. | |||||
| CVE-2021-40691 | 1 Moodle | 1 Moodle | 2022-10-03 | N/A | 4.3 MEDIUM |
| A session hijack risk was identified in the Shibboleth authentication plugin. | |||||
| CVE-2021-42045 | 1 Mediawiki | 1 Mediawiki | 2022-10-03 | N/A | 5.4 MEDIUM |
| An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote. | |||||
