Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22522 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2022-09-29 | N/A | 9.8 CRITICAL |
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device. | |||||
CVE-2022-40942 | 1 Tenda | 2 Tx3, Tx3 Firmware | 2022-09-29 | N/A | 9.8 CRITICAL |
Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. | |||||
CVE-2020-25708 | 2 Libvncserver Project, Redhat | 2 Libvncserver, Enterprise Linux | 2022-09-29 | 5.0 MEDIUM | 7.5 HIGH |
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. | |||||
CVE-2022-38012 | 1 Microsoft | 1 Edge Chromium | 2022-09-29 | N/A | 7.7 HIGH |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. | |||||
CVE-2022-40048 | 1 Flatpress | 1 Flatpress | 2022-09-29 | N/A | 7.2 HIGH |
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. | |||||
CVE-2022-3193 | 1 Ovirt | 1 Ovirt-engine | 2022-09-29 | N/A | 6.1 MEDIUM |
An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages. | |||||
CVE-2022-40929 | 1 Xuxueli | 1 Xxl-job | 2022-09-29 | N/A | 9.8 CRITICAL |
XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. | |||||
CVE-2022-38934 | 1 Toaruos | 1 Toaruos | 2022-09-29 | N/A | 3.3 LOW |
readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file. | |||||
CVE-2021-41434 | 1 Expense Management System Project | 1 Expense Management System | 2022-09-29 | N/A | 5.4 MEDIUM |
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php. | |||||
CVE-2022-40083 | 1 Labstack | 1 Echo | 2022-09-29 | N/A | 9.6 CRITICAL |
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). | |||||
CVE-2022-40082 | 2 Cloudwego, Microsoft | 2 Hertz, Windows | 2022-09-29 | N/A | 7.5 HIGH |
Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function. | |||||
CVE-2022-39258 | 1 Mailcow | 1 Mailcow\ | 2022-09-29 | N/A | 8.2 HIGH |
mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swagger API Documentation from their e-mail server. | |||||
CVE-2019-13049 | 1 Toaruos Project | 1 Toaruos | 2022-09-29 | 7.2 HIGH | 7.8 HIGH |
An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARU_SYS_FUNC_MMAP, leading to escalation of privileges. | |||||
CVE-2019-13048 | 1 Toaruos Project | 1 Toaruos | 2022-09-29 | 4.9 MEDIUM | 5.5 MEDIUM |
kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of service upon a critical error in certain sys_sbrk allocation patterns (involving PAGE_SIZE, and a value less than PAGE_SIZE). | |||||
CVE-2019-13047 | 1 Toaruos Project | 1 Toaruos | 2022-09-29 | 7.2 HIGH | 7.8 HIGH |
kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access. | |||||
CVE-2019-13046 | 1 Toaruos Project | 1 Toaruos | 2022-09-29 | 7.2 HIGH | 7.8 HIGH |
linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications. | |||||
CVE-2019-12937 | 1 Toaruos Project | 1 Toaruos | 2022-09-29 | 7.2 HIGH | 7.8 HIGH |
apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable. | |||||
CVE-2022-29504 | | | 2022-09-29 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2022. Notes: none. | |||||
CVE-2019-20325 | | | 2022-09-29 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none. | |||||
CVE-2019-20324 | | | 2022-09-29 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none. |