Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-44426 | 1 Anydesk | 1 Anydesk | 2022-09-16 | N/A | 8.8 HIGH | An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine and an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.
CVE-2021-44425 | 1 Anydesk | 1 Anydesk | 2022-09-16 | N/A | 6.5 MEDIUM | An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the AnyDesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening on the AnyDesk tunneled port).
CVE-2022-36108 | 1 Typo3 | 1 Typo3 | 2022-09-16 | N/A | 6.1 MEDIUM | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16, which fix the problem. There are no known workarounds for this issue.
CVE-2022-36107 | 1 Typo3 | 1 Typo3 | 2022-09-16 | N/A | 5.4 MEDIUM | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16, which fix the problem. There are no known workarounds for this issue.
CVE-2022-36106 | 1 Typo3 | 1 Typo3 | 2022-09-16 | N/A | 5.4 MEDIUM | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16, which fix the problem. There are no known workarounds for this issue.
CVE-2022-36105 | 1 Typo3 | 1 Typo3 | 2022-09-16 | N/A | 5.3 MEDIUM | TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Authors of 3rd party TYPO3 extensions providing a custom authentication service should check whether the extension is affected by the described problem. Affected extensions must implement the new `MimicServiceInterface::mimicAuthUser`, which simulates the time regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16, which fix this problem. There are no known workarounds for this issue.
CVE-2022-36104 | 1 Typo3 | 1 Typo3 | 2022-09-16 | N/A | 7.5 HIGH | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions, requesting invalid or non-existing resources via HTTP triggers the page error handler, which in turn could retrieve the content to be shown as an error message from another page. This leads to a scenario in which the application calls itself recursively, amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue.
CVE-2022-36669 | 1 Hospital Information System Project | 1 Hospital Information System | 2022-09-15 | N/A | 9.8 CRITICAL | Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVE-2022-37139 | 1 Loan Management System Project | 1 Loan Management System | 2022-09-15 | N/A | 5.4 MEDIUM | Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
CVE-2022-37138 | 1 Loan Management System Project | 1 Loan Management System | 2022-09-15 | N/A | 9.8 CRITICAL | Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to log in as Administrator after injecting into the username form field.
CVE-2022-37137 | 1 Techvill | 1 Paymoney | 2022-09-15 | N/A | 5.4 MEDIUM | PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS is obtained by injecting a specially crafted payload into the "Message" field (the "description" parameter). The XSS then triggers immediately or can be reached from the view ticket function.
CVE-2022-37140 | 1 Techvill | 1 Paymoney | 2022-09-15 | N/A | 8.0 HIGH | PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, which allows uploading a malicious file. A calculator will open when the victim who downloads the file opens the RTF file.
CVE-2022-36668 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-15 | N/A | 5.4 MEDIUM | Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist when creating or editing parts via those parameters. Using the XSS payload, the Stored XSS is triggered and can be used as a further attack vector.
CVE-2022-36667 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-15 | N/A | 8.8 HIGH | Garage Management System 1.0 is vulnerable to Remote Code Execution (RCE) due to the lack of filtering in the file upload function. The vulnerability exists when adding parts: through the upload function, the attacker can upload a PHP reverse shell straight away to gain RCE.
CVE-2022-36436 | 1 Osuosl | 1 Twisted Vnc Authentication Proxy | 2022-09-15 | N/A | 9.8 CRITICAL | OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by a vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server.
CVE-2022-2900 | 1 Parse-url Project | 1 Parse-url | 2022-09-15 | N/A | 9.1 CRITICAL | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.
CVE-2022-38637 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-09-15 | N/A | 9.8 CRITICAL | Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.
CVE-2022-36768 | 1 Ibm | 2 Aix, Vios | 2022-09-15 | N/A | 7.8 HIGH | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014.
CVE-2022-35637 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2022-09-15 | N/A | 6.5 MEDIUM | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.
CVE-2022-34356 | 1 Ibm | 2 Aix, Vios | 2022-09-15 | N/A | 7.8 HIGH | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502.