Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40766 | 1 Moderncampus | 1 Omni Cms | 2022-09-20 | N/A | 9.8 CRITICAL |
Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring. | |||||
CVE-2022-3232 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-20 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5. | |||||
CVE-2022-39960 | 1 Netic | 1 Group Export | 2022-09-20 | N/A | 5.3 MEDIUM |
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI. | |||||
CVE-2022-3231 | 1 Librenms | 1 Librenms | 2022-09-20 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0. | |||||
CVE-2022-3173 | 1 Snipeitapp | 1 Snipe-it | 2022-09-20 | N/A | 4.3 MEDIUM |
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. | |||||
CVE-2022-39212 | 1 Nextcloud | 1 Talk | 2022-09-20 | N/A | 5.3 MEDIUM |
Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or 14.0.4. Users unable to upgrade should select "None" as camera before joining the call. | |||||
CVE-2022-40300 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2022-09-20 | N/A | 9.8 CRITICAL |
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. | |||||
CVE-2022-39215 | 1 Tauri | 1 Tauri | 2022-09-20 | N/A | 5.8 MEDIUM |
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`. | |||||
CVE-2020-18778 | 1 Libav | 1 Libav | 2022-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | |||||
CVE-2020-18775 | 1 Libav | 1 Libav | 2022-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | |||||
CVE-2020-18885 | 1 Phpmywind | 1 Phpmywind | 2022-09-20 | 6.5 MEDIUM | 7.2 HIGH |
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. | |||||
CVE-2020-18899 | 1 Exiv2 | 1 Exiv2 | 2022-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. | |||||
CVE-2020-19751 | 1 Gpac | 1 Gpac | 2022-09-20 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. | |||||
CVE-2020-19750 | 1 Gpac | 1 Gpac | 2022-09-20 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. | |||||
CVE-2020-18048 | 1 Bertanddip | 1 Craigms | 2022-09-20 | 7.5 HIGH | 9.8 CRITICAL |
An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. | |||||
CVE-2020-19001 | 1 Simiki Project | 1 Simiki | 2022-09-20 | 10.0 HIGH | 9.8 CRITICAL |
Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | |||||
CVE-2020-21050 | 1 Libsixel Project | 1 Libsixel | 2022-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c. | |||||
CVE-2022-36834 | 1 Samsung | 1 Game Launcher | 2022-09-20 | N/A | 5.0 MEDIUM |
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. | |||||
CVE-2022-33734 | 1 Samsung | 1 Charm | 2022-09-20 | N/A | 5.5 MEDIUM |
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. | |||||
CVE-2022-33733 | 1 Samsung | 1 Charm | 2022-09-20 | N/A | 3.3 LOW |
Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. |