Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32217 | 1 Rocket.chat | 1 Rocket.chat | 2022-09-27 | N/A | 5.3 MEDIUM |
| A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. | |||||
| CVE-2022-33682 | 1 Apache | 1 Pulsar | 2022-09-27 | N/A | 5.9 MEDIUM |
| TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle attacks, which could leak credentials, configuration data, message data, and any other data sent by these clients. The vulnerability is for both the pulsar+ssl protocol and HTTPS. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. This issue affects Apache Pulsar Broker, Proxy, and WebSocket Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier. | |||||
| CVE-2022-33683 | 1 Apache | 1 Pulsar | 2022-09-27 | N/A | 5.9 MEDIUM |
| Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middle attacks, which could leak authentication data, configuration data, and any other data sent by these clients. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. This issue affects Apache Pulsar Broker and Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier. | |||||
| CVE-2022-30124 | 1 Rocket.chat | 1 Rocket.chat | 2022-09-27 | N/A | 6.8 MEDIUM |
| An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). | |||||
| CVE-2022-40359 | 1 Kfm Project | 1 Kfm | 2022-09-27 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php. | |||||
| CVE-2022-35721 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2022-09-27 | N/A | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380. | |||||
| CVE-2022-38061 | 1 Apasionados | 1 Export Post Info | 2022-09-27 | N/A | 5.7 MEDIUM |
| Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress. | |||||
| CVE-2022-37342 | 1 Add Shortcodes Actions And Filters Project | 1 Add Shortcodes Actions And Filters | 2022-09-27 | N/A | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress. | |||||
| CVE-2022-36338 | 1 Insyde | 1 Insydeh2o | 2022-09-26 | N/A | 8.2 HIGH |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI. | |||||
| CVE-2022-40101 | 1 Tenda | 2 I9, I9 Firmware | 2022-09-26 | N/A | 7.5 HIGH |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
| CVE-2021-41437 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2022-09-26 | N/A | 6.5 MEDIUM |
| An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker. | |||||
| CVE-2022-40105 | 1 Tenda | 2 I9, I9 Firmware | 2022-09-26 | N/A | 7.5 HIGH |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
| CVE-2022-40402 | 1 Wedding Planner Project | 1 Wedding Planner | 2022-09-26 | N/A | 8.8 HIGH |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php. | |||||
| CVE-2022-40404 | 1 Wedding Planner Project | 1 Wedding Planner | 2022-09-26 | N/A | 8.8 HIGH |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php. | |||||
| CVE-2022-37234 | 1 Netgear | 2 R7000, R7000 Firmware | 2022-09-26 | N/A | 7.8 HIGH |
| Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy. | |||||
| CVE-2022-40403 | 1 Wedding Planner Project | 1 Wedding Planner | 2022-09-26 | N/A | 7.2 HIGH |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php. | |||||
| CVE-2022-22629 | 1 Apple | 7 Ipados, Iphone Os, Itunes and 4 more | 2022-09-26 | N/A | 8.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-26707 | 1 Apple | 1 Macos | 2022-09-26 | N/A | 5.5 MEDIUM |
| An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information. | |||||
| CVE-2022-3098 | 1 Gunkastudios | 1 Login Block Ips | 2022-09-26 | N/A | 4.3 MEDIUM |
| The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2022-40106 | 1 Tenda | 2 I9, I9 Firmware | 2022-09-26 | N/A | 7.5 HIGH |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||