Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40713 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.5 MEDIUM |
An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||||
CVE-2022-40712 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.1 MEDIUM |
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints. | |||||
CVE-2022-2332 | 1 Honeywell | 1 Softmaster | 2022-09-21 | N/A | 7.8 HIGH |
A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment. | |||||
CVE-2022-2333 | 1 Honeywell | 1 Softmaster | 2022-09-21 | N/A | 7.8 HIGH |
If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions. | |||||
CVE-2022-40715 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.5 MEDIUM |
An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||||
CVE-2022-35194 | 1 Testlink | 1 Testlink | 2022-09-21 | N/A | 5.4 MEDIUM |
TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php. | |||||
CVE-2022-29908 | 1 Fabasoft | 1 Fabasoft Cloud Enterprise Client | 2022-09-21 | N/A | 7.8 HIGH |
The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation. | |||||
CVE-2022-40811 | 1 Democritus Urls Project | 1 Democritus Urls | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-urls for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
CVE-2022-37247 | 1 Craftcms | 1 Craft Cms | 2022-09-21 | N/A | 5.4 MEDIUM |
Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page. | |||||
CVE-2022-40808 | 1 Democritus Dates Project | 1 Democritus Dates | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-dates for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. | |||||
CVE-2022-40807 | 1 Democritus Domains Project | 1 Democritus Domains | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-domains for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. | |||||
CVE-2022-40806 | 1 Democritus Uuids Project | 1 Democritus Uuids | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-uuids for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. | |||||
CVE-2022-37251 | 1 Craftcms | 1 Craft Cms | 2022-09-21 | N/A | 5.4 MEDIUM |
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. | |||||
CVE-2022-40805 | 1 Democritus Urls Project | 1 Democritus Urls | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-urls for Python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. | |||||
CVE-2022-40427 | 1 Democritus Domains Project | 1 Democritus Domains | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-domains for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
CVE-2022-29489 | 1 Sucuri | 1 Security | 2022-09-21 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in the Sucuri Security plugin <= 1.8.33 for WordPress, leading to Event log entry creation. | |||||
CVE-2022-40424 | 1 Democritus Urls Project | 1 Democritus Urls | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-urls for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version of d8s-urls is 0.1.0. | |||||
CVE-2022-40076 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-09-21 | N/A | 7.5 HIGH |
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic. | |||||
CVE-2022-37258 | 1 Stealjs | 1 Steal | 2022-09-21 | N/A | 9.8 CRITICAL |
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js. | |||||
CVE-2022-40075 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-09-21 | N/A | 7.5 HIGH |
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set. |