Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40074 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-09-21 | N/A | 7.5 HIGH |
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi. | |||||
CVE-2022-40073 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-09-21 | N/A | 7.5 HIGH |
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo. | |||||
CVE-2022-40072 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-09-21 | N/A | 7.5 HIGH |
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerManagement. | |||||
CVE-2022-40071 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-09-21 | N/A | 7.5 HIGH |
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName. | |||||
CVE-2020-25491 | 1 6kare | 1 Emakin | 2022-09-21 | N/A | 6.1 MEDIUM |
6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page. | |||||
CVE-2022-40070 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-09-21 | N/A | 7.5 HIGH |
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg. | |||||
CVE-2022-40069 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-09-21 | N/A | 7.5 HIGH |
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime. | |||||
CVE-2022-40068 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-09-21 | N/A | 7.5 HIGH |
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand. | |||||
CVE-2022-40067 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-09-21 | N/A | 7.5 HIGH |
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer. | |||||
CVE-2022-3214 | 1 Deltaww | 1 Diaenergie | 2022-09-21 | N/A | 9.8 CRITICAL |
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Version 1.8.0 and prior have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution. | |||||
CVE-2022-39210 | 1 Nextcloud | 1 Nextcloud | 2022-09-21 | N/A | 5.5 MEDIUM |
Nextcloud Android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result, access to internal files from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue. | |||||
CVE-2022-3036 | 1 Gettext Override Translations Project | 1 Gettext Override Translations | 2022-09-21 | N/A | 4.8 MEDIUM |
The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3021 | 1 Diywebmastery | 1 Slickr Flickr | 2022-09-21 | N/A | 4.8 MEDIUM |
The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-38880 | 1 Democritus Urls Project | 1 Democritus Urls | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0. | |||||
CVE-2022-39211 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2022-09-21 | N/A | 5.3 MEDIUM |
Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue. | |||||
CVE-2022-38617 | 1 Bpcbt | 1 Smartvista | 2022-09-21 | N/A | 8.8 HIGH |
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf. | |||||
CVE-2022-40774 | 1 Axiosys | 1 Bento4 | 2022-09-21 | N/A | 5.5 MEDIUM |
An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize. | |||||
CVE-2022-40778 | 1 Opswat | 1 Metadefender | 2022-09-21 | N/A | 5.4 MEDIUM |
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. | |||||
CVE-2022-40775 | 1 Axiosys | 1 Bento4 | 2022-09-21 | N/A | 5.5 MEDIUM |
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields. | |||||
CVE-2022-40769 | 1 Profanity Project | 1 Profanity | 2022-09-21 | N/A | 7.5 HIGH |
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022. |