Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37724 | 1 Apple | 1 Webobjects | 2022-09-19 | N/A | 6.1 MEDIUM |
| Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. | |||||
| CVE-2020-23551 | 1 Irfanview | 1 Irfanview | 2022-09-19 | N/A | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30. | |||||
| CVE-2020-23550 | 1 Irfanview | 1 Irfanview | 2022-09-19 | N/A | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82. | |||||
| CVE-2022-40637 | 1 Ansys | 1 Spaceclaim | 2022-09-19 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17045. | |||||
| CVE-2022-40636 | 1 Ansys | 1 Spaceclaim | 2022-09-19 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17044. | |||||
| CVE-2022-20398 | 1 Google | 1 Android | 2022-09-19 | N/A | 7.8 HIGH |
| In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221859734 | |||||
| CVE-2021-23382 | 1 Postcss | 1 Postcss | 2022-09-19 | 5.0 MEDIUM | 7.5 HIGH |
| The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*). | |||||
| CVE-2022-3222 | 1 Gpac | 1 Gpac | 2022-09-19 | N/A | 5.5 MEDIUM |
| Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. | |||||
| CVE-2022-31735 | 1 Osstech | 1 Openam | 2022-09-19 | N/A | 6.1 MEDIUM |
| OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website. | |||||
| CVE-2021-46790 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2022-09-19 | 4.6 MEDIUM | 7.8 HIGH |
| ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. | |||||
| CVE-2022-40439 | 1 Axiosys | 1 Bento4 | 2022-09-19 | N/A | 6.5 MEDIUM |
| An memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2022-40438 | 1 Axiosys | 1 Bento4 | 2022-09-19 | N/A | 6.5 MEDIUM |
| Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2022-31247 | 1 Suse | 1 Rancher | 2022-09-19 | N/A | 8.8 HIGH |
| An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16. | |||||
| CVE-2022-37264 | 1 Stealjs | 1 Steal | 2022-09-19 | N/A | 9.8 CRITICAL |
| Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js. | |||||
| CVE-2022-37262 | 1 Stealjs | 1 Steal | 2022-09-19 | N/A | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. | |||||
| CVE-2022-37201 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-19 | N/A | 8.8 HIGH |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection. | |||||
| CVE-2022-37266 | 1 Stealjs | 1 Steal | 2022-09-19 | N/A | 9.8 CRITICAL |
| Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js. | |||||
| CVE-2022-37257 | 1 Stealjs | 1 Steal | 2022-09-19 | N/A | 9.8 CRITICAL |
| Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js. | |||||
| CVE-2022-36112 | 1 Glpi-project | 1 Glpi | 2022-09-19 | N/A | 5.8 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests can be used to scan server port or services opened on GLPI server or its private network. Queries responses are not exposed to end-user (blind SSRF). Users are advised to upgrade to version 10.0.3 to resolve this issue. There are no known workarounds. | |||||
| CVE-2022-40738 | 1 Axiosys | 1 Bento4 | 2022-09-19 | N/A | 6.5 MEDIUM |
| An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, called from AP4_EsDescriptor::WriteFields and AP4_Expandable::Write. | |||||