Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39714 | 1 Google | 1 Android | 2022-09-28 | 4.6 MEDIUM | 7.8 HIGH |
| In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205573273References: Upstream kernel | |||||
| CVE-2021-4145 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2022-09-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. | |||||
| CVE-2021-45078 | 5 Debian, Fedoraproject, Gnu and 2 more | 5 Debian Linux, Fedora, Binutils and 2 more | 2022-09-28 | 6.8 MEDIUM | 7.8 HIGH |
| stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. | |||||
| CVE-2022-40050 | 1 Zfile | 1 Zfile | 2022-09-28 | N/A | 9.8 CRITICAL |
| ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. | |||||
| CVE-2022-40784 | 1 Mipcm | 2 Mipc Camera, Mipc Camera Firmware | 2022-09-28 | N/A | 8.8 HIGH |
| Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406. | |||||
| CVE-2021-24284 | 1 Kaswara Project | 1 Kaswara | 2022-09-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP. | |||||
| CVE-2020-4757 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2022-09-28 | 3.5 LOW | 6.4 MEDIUM |
| IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600. | |||||
| CVE-2020-25626 | 3 Debian, Encode, Redhat | 3 Debian Linux, Django Rest Framework, Ceph Storage | 2022-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. | |||||
| CVE-2022-39245 | 1 Makedeb | 1 Mist | 2022-09-28 | N/A | 7.8 HIGH |
| Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist. | |||||
| CVE-2022-3236 | 1 Sophos | 1 Firewall | 2022-09-28 | N/A | 9.8 CRITICAL |
| A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | |||||
| CVE-2022-22387 | 1 Ibm | 1 Application Gateway | 2022-09-28 | N/A | 5.4 MEDIUM |
| IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965. | |||||
| CVE-2022-35282 | 1 Ibm | 1 Websphere Application Server | 2022-09-28 | N/A | 6.5 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data. | |||||
| CVE-2022-35722 | 1 Ibm | 1 Jazz For Service Management | 2022-09-28 | N/A | 5.4 MEDIUM |
| IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381. | |||||
| CVE-2022-22058 | 1 Qualcomm | 158 Apq8009, Apq8009 Firmware, Apq8009w and 155 more | 2022-09-28 | N/A | 7.8 HIGH |
| Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2022-40044 | 1 Centreon | 1 Centreon | 2022-09-28 | N/A | 5.4 MEDIUM |
| Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | |||||
| CVE-2022-40043 | 1 Centreon | 1 Centreon | 2022-09-28 | N/A | 8.8 HIGH |
| Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. | |||||
| CVE-2022-36771 | 1 Ibm | 1 Qradar User Behavior Analytics | 2022-09-28 | N/A | 6.5 MEDIUM |
| IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791. | |||||
| CVE-2022-32789 | 1 Apple | 1 Macos | 2022-09-28 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences. | |||||
| CVE-2022-3301 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-28 | N/A | 2.4 LOW |
| Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8. | |||||
| CVE-2022-2903 | 1 Ninjaforms | 1 Ninja Forms | 2022-09-28 | N/A | 7.2 HIGH |
| The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | |||||