Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3251 | 1 Ikus-soft | 1 Minarca | 2022-09-23 | N/A | 5.3 MEDIUM |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2. | |||||
CVE-2022-36365 | 1 Webhelpagency | 1 Wha Crossword | 2022-09-23 | N/A | 5.4 MEDIUM |
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Crossword plugin <= 1.1.10 at WordPress. | |||||
CVE-2022-32300 | 1 Youdiancms | 1 Youdiancms | 2022-09-23 | 6.5 MEDIUM | 8.8 HIGH |
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php. | |||||
CVE-2022-32299 | 1 Youdiancms | 1 Youdiancms | 2022-09-23 | 6.5 MEDIUM | 8.8 HIGH |
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php. | |||||
CVE-2022-32301 | 1 Youdiancms | 1 Youdiancms | 2022-09-23 | 7.5 HIGH | 9.8 CRITICAL |
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php. | |||||
CVE-2020-22864 | 1 Froala | 1 Froala Editor | 2022-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2020-20977 | 1 Ukcms | 1 Ukcms | 2022-09-23 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section. | |||||
CVE-2021-28114 | 1 Froala | 1 Froala Editor | 2022-09-23 | 3.5 LOW | 5.4 MEDIUM |
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. | |||||
CVE-2022-2191 | 1 Eclipse | 1 Jetty | 2022-09-23 | 5.0 MEDIUM | 7.5 HIGH |
In Eclipse Jetty versions 10.0.0 through 10.0.9 and 11.0.0 through 11.0.9, SslConnection does not release ByteBuffers from the configured ByteBufferPool in error code paths. | |||||
CVE-2022-31805 | 1 Codesys | 10 Development System, Edge Gateway, Gateway and 7 more | 2022-09-23 | 4.3 MEDIUM | 7.5 HIGH |
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. | |||||
CVE-2022-1794 | 2 Codesys, Microsoft | 2 Opc Da Server, Windows | 2022-09-23 | 4.7 MEDIUM | 5.5 MEDIUM |
The CODESYS OPC DA Server prior to V3.5.18.20 stores PLC passwords as plain text in its configuration file so that they are visible to all authorized Microsoft Windows users of the system. | |||||
CVE-2022-30791 | 1 Codesys | 19 Control For Beaglebone, Control For Empc-a/imx6, Control For Iot2000 Sl and 16 more | 2022-09-23 | 5.0 MEDIUM | 7.5 HIGH |
In CmpBlkDrvTcp of CODESYS V3 in multiple versions, an uncontrolled resource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected. | |||||
CVE-2022-30792 | 1 Codesys | 19 Control For Beaglebone, Control For Empc-a/imx6, Control For Iot2000 Sl and 16 more | 2022-09-23 | 5.0 MEDIUM | 7.5 HIGH |
In CmpChannelServer of CODESYS V3 in multiple versions, an uncontrolled resource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected. | |||||
CVE-2020-25085 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-09-23 | 4.4 MEDIUM | 5.0 MEDIUM |
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | |||||
CVE-2020-15859 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-09-23 | 2.1 LOW | 3.3 LOW |
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. | |||||
CVE-2020-15469 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-09-23 | 2.1 LOW | 2.3 LOW |
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | |||||
CVE-2020-13253 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2022-09-23 | 2.1 LOW | 5.5 MEDIUM |
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. | |||||
CVE-2020-27617 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-09-23 | 4.0 MEDIUM | 6.5 MEDIUM |
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. | |||||
CVE-2020-25625 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-09-23 | 4.7 MEDIUM | 5.3 MEDIUM |
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. | |||||
CVE-2020-25084 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-09-23 | 2.1 LOW | 3.2 LOW |
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. |