Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-28637 | 2 Hp, Hpe | 77 Apollo 4200 Gen10 Server, Apollo 4500, Apollo R2000 Chassis and 74 more | 2022-09-23 | N/A | 7.8 HIGH | A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities. |
CVE-2022-41220 | 1 Md2roff Project | 1 Md2roff | 2022-09-23 | N/A | 9.8 CRITICAL | ** DISPUTED ** md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted input. |
CVE-2022-40091 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2022-09-23 | N/A | 7.2 HIGH | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php. |
CVE-2022-40092 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2022-09-23 | N/A | 7.2 HIGH | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php. |
CVE-2022-40093 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2022-09-23 | N/A | 7.2 HIGH | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php. |
CVE-2022-40213 | 1 Gsplugins | 1 Gs Testimonial Slider | 2022-09-23 | N/A | 5.4 MEDIUM | Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress. |
CVE-2022-28978 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-09-23 | N/A | 5.4 MEDIUM | Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via a user's name. |
CVE-2022-28979 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-09-23 | N/A | 6.1 MEDIUM | Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field. |
CVE-2022-39975 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-09-23 | N/A | 4.3 MEDIUM | The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation. |
CVE-2022-39221 | 2 Mcwebserver Minecraft Mod For Fabric And Quilt Project, Mcwebserver Minecraft Mod For Forge Project | 2 Mcwebserver Minecraft Mod For Fabric And Quilt, Mcwebserver Minecraft Mod For Forge | 2022-09-23 | N/A | 7.5 HIGH | McWebserver mod runs a simple HTTP server alongside the Minecraft server in separate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files accessible by the program to be read by anyone via HTTP request. Version 0.2.0 with patches has been released for both platforms (Fabric and Quilt, Forge). As a workaround, the McWebserver mod can be disabled by removing the file from the `mods` directory. |
CVE-2022-37026 | 1 Erlang | 1 Erlang/otp | 2022-09-23 | N/A | 9.8 CRITICAL | In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. |
CVE-2022-2872 | 1 Octoprint | 1 Octoprint | 2022-09-23 | N/A | 5.4 MEDIUM | Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. |
CVE-2022-28977 | 1 Liferay | 2 Dxp, Liferay Portal | 2022-09-23 | N/A | 6.1 MEDIUM | HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect. |
CVE-2022-0495 | 1 Parantezteknoloji | 1 Koha Library Automation | 2022-09-23 | N/A | 9.8 CRITICAL | The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in version 19.05.03.01. |
CVE-2022-28981 | 1 Liferay | 1 Liferay Portal | 2022-09-23 | N/A | 7.5 HIGH | Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter. |
CVE-2022-2315 | 1 Databank | 1 Accreditation Tracking/presentation Module | 2022-09-23 | N/A | 9.8 CRITICAL | Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. |
CVE-2022-29799 | 1 Microsoft | 1 Windows Defender For Endpoint | 2022-09-23 | N/A | 5.5 MEDIUM | A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory. |
CVE-2022-29800 | 1 Microsoft | 1 Windows Defender For Endpoint | 2022-09-23 | N/A | 4.7 MEDIUM | A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not. |
CVE-2022-36383 | 1 Webhelpagency | 1 Wha Wordsearch | 2022-09-23 | N/A | 5.4 MEDIUM | Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress. |
CVE-2022-3250 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-23 | N/A | 5.3 MEDIUM | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6. |