Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3242 | 1 Microweber | 1 Microweber | 2022-09-21 | N/A | 6.1 MEDIUM |
Code Injection in GitHub repository microweber/microweber prior to 1.3.2. | |||||
CVE-2022-3000 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-09-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-23768 | 1 Neoinfosys | 2 Nis-hap11ac, Nis-hap11ac Firmware | 2022-09-21 | N/A | 9.8 CRITICAL |
This vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers can use this vulnerability to carry out a range of attacks, such as source code hijacking and remote control of the device. | |||||
CVE-2022-2177 | 1 Kayrasoft | 1 Kayrasoft | 2022-09-21 | N/A | 9.8 CRITICAL |
Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |||||
CVE-2022-2924 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-09-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3. | |||||
CVE-2022-35963 | 1 Google | 1 Tensorflow | 2022-09-21 | N/A | 7.5 HIGH |
TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue. | |||||
CVE-2022-3005 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-09-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-3004 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2022-09-21 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | |||||
CVE-2022-28758 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2022-09-21 | N/A | 8.2 HIGH |
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | |||||
CVE-2022-40432 | 1 D8s-strings Project | 1 D8s-strings | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. | |||||
CVE-2022-40431 | 1 D8s-pdfs Project | 1 D8s-pdfs | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
CVE-2022-38882 | 1 D8s-json Project | 1 D8s-json | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38884 | 1 D8s-grammars Project | 1 D8s-grammars | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38883 | 1 D8s-math Project | 1 D8s-math | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38881 | 1 D8s-archives Project | 1 D8s-archives | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-23766 | 2 Bigfile, Microsoft | 2 Bigfileagent, Windows | 2022-09-21 | N/A | 8.8 HIGH |
An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website. | |||||
CVE-2022-38886 | 1 D8s-xml Project | 1 D8s-xml | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38885 | 1 D8s-netstrings Project | 1 D8s-netstrings | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-39217 | 1 Ghas-to-csv Project | 1 Ghas-to-csv | 2022-09-21 | N/A | 9.8 CRITICAL |
some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue. | |||||
CVE-2022-40714 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.1 MEDIUM |
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints. |