Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2472 | 1 Ezviz | 2 Cs-c6n-a0-1c2wfr, Cs-c6n-a0-1c2wfr Firmware | 2022-09-19 | N/A | 5.5 MEDIUM |
| Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. | |||||
| CVE-2022-40306 | 1 Ecisolutions | 1 Printanista Managed Print Service | 2022-09-19 | N/A | 5.9 MEDIUM |
| The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) through 2022-06-27 performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly. | |||||
| CVE-2022-38856 | 1 Mplayerhq | 2 Mencoder, Mplayer | 2022-09-19 | N/A | 5.5 MEDIUM |
| Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | |||||
| CVE-2022-34002 | 1 Pdssoftware | 1 Pds Vista 7 | 2022-09-19 | N/A | 6.5 MEDIUM |
| The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application. | |||||
| CVE-2022-1798 | 1 Kubevirt | 1 Kubevirt | 2022-09-19 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible. | |||||
| CVE-2022-35582 | 1 Pentasecurity | 1 Wapples | 2022-09-19 | N/A | 8.8 HIGH |
| Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control. | |||||
| CVE-2022-38862 | 1 Mplayerhq | 2 Mencoder, Mplayer | 2022-09-19 | N/A | 7.8 HIGH |
| Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | |||||
| CVE-2020-23558 | 1 Irfanview | 1 Irfanview | 2022-09-19 | N/A | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b. | |||||
| CVE-2020-23557 | 1 Irfanview | 1 Irfanview | 2022-09-19 | N/A | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d. | |||||
| CVE-2020-23556 | 1 Irfanview | 1 Irfanview | 2022-09-19 | N/A | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28. | |||||
| CVE-2020-23559 | 1 Irfanview | 1 Irfanview | 2022-09-19 | N/A | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f. | |||||
| CVE-2020-23560 | 1 Irfanview | 1 Irfanview | 2022-09-19 | N/A | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab. | |||||
| CVE-2020-23555 | 1 Irfanview | 1 Irfanview | 2022-09-19 | N/A | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e. | |||||
| CVE-2020-23554 | 1 Irfanview | 1 Irfanview | 2022-09-19 | N/A | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20. | |||||
| CVE-2020-23553 | 1 Irfanview | 1 Irfanview | 2022-09-19 | N/A | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33. | |||||
| CVE-2020-23552 | 1 Irfanview | 1 Irfanview | 2022-09-19 | N/A | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62. | |||||
| CVE-2022-27561 | 1 Hcltech | 1 Traveler | 2022-09-19 | N/A | 4.8 MEDIUM |
| There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). | |||||
| CVE-2022-26959 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-09-19 | N/A | 9.8 CRITICAL |
| There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database which contains critical data for organization’s that make full use of the software suite. | |||||
| CVE-2022-40638 | 1 Ansys | 1 Spaceclaim | 2022-09-19 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17102. | |||||
| CVE-2022-40640 | 1 Ansys | 1 Spaceclaim | 2022-09-19 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17308. | |||||