Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40100 | 1 Tenda | 2 I9, I9 Firmware | 2022-09-26 | N/A | 9.8 CRITICAL |
Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. | |||||
CVE-2022-3070 | 1 Zealousweb | 1 Generate Pdf Using Contact Form 7 | 2022-09-26 | N/A | 4.8 MEDIUM |
The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-3076 | 1 Cminds | 1 Cm Download Manager | 2022-09-26 | N/A | 7.2 HIGH |
The CM Download Manager WordPress plugin before 2.8.6 allows high-privilege users such as admin to upload arbitrary files by setting any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example. | |||||
CVE-2022-40102 | 1 Tenda | 2 I9, I9 Firmware | 2022-09-26 | N/A | 7.5 HIGH |
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
CVE-2022-40104 | 1 Tenda | 2 I9, I9 Firmware | 2022-09-26 | N/A | 7.5 HIGH |
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
CVE-2022-40103 | 1 Tenda | 2 I9, I9 Firmware | 2022-09-26 | N/A | 5.5 MEDIUM |
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
CVE-2022-35094 | 1 Swftools | 1 Swftools | 2022-09-26 | N/A | 5.5 MEDIUM |
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. | |||||
CVE-2022-35093 | 1 Swftools | 1 Swftools | 2022-09-26 | N/A | 5.5 MEDIUM |
SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. | |||||
CVE-2022-35091 | 1 Swftools | 1 Swftools | 2022-09-26 | N/A | 5.5 MEDIUM |
SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc. | |||||
CVE-2022-40107 | 1 Tenda | 2 I9, I9 Firmware | 2022-09-26 | N/A | 7.5 HIGH |
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | |||||
CVE-2022-35099 | 1 Swftools | 1 Swftools | 2022-09-26 | N/A | 5.5 MEDIUM |
SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc. | |||||
CVE-2022-35095 | 1 Swftools | 1 Swftools | 2022-09-26 | N/A | 5.5 MEDIUM |
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc. | |||||
CVE-2022-35098 | 1 Swftools | 1 Swftools | 2022-09-26 | N/A | 5.5 MEDIUM |
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc. | |||||
CVE-2022-35097 | 1 Swftools | 1 Swftools | 2022-09-26 | N/A | 5.5 MEDIUM |
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc. | |||||
CVE-2022-35096 | 1 Swftools | 1 Swftools | 2022-09-26 | N/A | 5.5 MEDIUM |
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. | |||||
CVE-2022-35092 | 1 Swftools | 1 Swftools | 2022-09-26 | N/A | 5.5 MEDIUM |
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c. | |||||
CVE-2022-3135 | 1 Seo Smart Links Project | 1 Seo Smart Links | 2022-09-26 | N/A | 4.8 MEDIUM |
The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | |||||
CVE-2022-3062 | 1 Simplefilelist | 1 Simple-file-list | 2022-09-26 | N/A | 6.1 MEDIUM |
The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting. | |||||
CVE-2022-3074 | 1 Quantumcloud | 1 Slider Hero | 2022-09-26 | N/A | 4.8 MEDIUM |
The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. | |||||
CVE-2022-3069 | 1 Wordlift | 1 Wordlift | 2022-09-26 | N/A | 4.8 MEDIUM |
The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |