Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3470 | 6 Fedoraproject, Mariadb, Openssl and 3 more | 11 Fedora, Mariadb, Openssl and 8 more | 2022-09-16 | 4.3 MEDIUM | N/A |
| The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. | |||||
| CVE-2013-1548 | 3 Mariadb, Oracle, Redhat | 6 Mariadb, Mysql, Enterprise Linux Desktop and 3 more | 2022-09-16 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. | |||||
| CVE-2012-5096 | 3 Canonical, Mariadb, Oracle | 3 Ubuntu Linux, Mariadb, Mysql | 2022-09-16 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors. | |||||
| CVE-2022-38595 | 1 Church Management System Project | 1 Church Management System | 2022-09-16 | N/A | 7.2 HIGH |
| Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php. | |||||
| CVE-2022-38594 | 1 Church Management System Project | 1 Church Management System | 2022-09-16 | N/A | 7.2 HIGH |
| Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php. | |||||
| CVE-2022-38352 | 1 Thinkphp | 1 Thinkphp | 2022-09-16 | N/A | 9.8 CRITICAL |
| ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | |||||
| CVE-2022-38323 | 1 Event Management System Project | 1 Event Management System | 2022-09-16 | N/A | 7.2 HIGH |
| Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-40365 | 1 Gocron Project | 1 Gocron | 2022-09-16 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue. | |||||
| CVE-2022-38301 | 1 Onedev Project | 1 Onedev | 2022-09-16 | N/A | 8.8 HIGH |
| Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. | |||||
| CVE-2022-20385 | 1 Google | 1 Android | 2022-09-16 | N/A | 9.8 CRITICAL |
| a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array 'policy[type]', which OOB access happens.Product: AndroidVersions: Android SoCAndroid ID: A-238379819 | |||||
| CVE-2022-3212 | 1 Axum-core Project | 1 Axum-core | 2022-09-16 | N/A | 7.5 HIGH |
| <bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String | |||||
| CVE-2022-38796 | 1 Feehi | 1 Feehi Cms | 2022-09-16 | N/A | 6.1 MEDIUM |
| A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails. | |||||
| CVE-2022-34831 | 1 Primekey | 1 Ejbca | 2022-09-16 | N/A | 9.8 CRITICAL |
| An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one or multiple dnsNames. These are validated properly in the ACME challenge. However, if the validation passes, a non-compliant client can include additional dnsNames the CSR sent to the finalize endpoint, resulting in EJBCA issuing a certificate including the identifiers that were not validated. This occurs even if the certificate profile is configured to not allow a DN override by the CSR. | |||||
| CVE-2022-39814 | 1 Nokia | 1 1350 Optical Management System | 2022-09-16 | N/A | 6.1 MEDIUM |
| In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter. | |||||
| CVE-2022-35803 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-16 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37969. | |||||
| CVE-2021-0943 | 1 Google | 1 Android | 2022-09-16 | N/A | 7.8 HIGH |
| In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-238916921 | |||||
| CVE-2022-38011 | 1 Microsoft | 3 Raw Image Extension, Windows 10, Windows 11 | 2022-09-16 | N/A | 7.3 HIGH |
| Raw Image Extension Remote Code Execution Vulnerability. | |||||
| CVE-2022-38010 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2022-09-16 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37963. | |||||
| CVE-2021-0942 | 1 Google | 1 Android | 2022-09-16 | N/A | 9.8 CRITICAL |
| The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]);With the current PoC this crashes as an OOB read. However, given that the OOB read value is ending up as the address field of a struct I think i seems plausible that this could lead to an OOB write if the attacker is able to cause the OOB read to pull an interesting kernel address. Regardless if this is a read or write, it is a High severity issue in the kernel.Product: AndroidVersions: Android SoCAndroid ID: A-238904312 | |||||
| CVE-2022-38020 | 1 Microsoft | 1 Visual Studio Code | 2022-09-16 | N/A | 7.3 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability. | |||||