Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-24654 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-09-11 | 4.3 MEDIUM | 3.3 LOW |
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | |||||
CVE-2021-26414 | 1 Microsoft | 10 Windows 10, Windows 7, Windows 8.1 and 7 more | 2022-09-11 | 4.3 MEDIUM | 6.5 MEDIUM |
Windows DCOM Server Security Feature Bypass | |||||
CVE-2021-34746 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2022-09-11 | 9.3 HIGH | 9.8 CRITICAL |
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device. | |||||
CVE-2022-40299 | 1 Singular | 1 Singular | 2022-09-09 | N/A | 7.8 HIGH |
In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language. | |||||
CVE-2022-35277 | 1 Getresponse | 1 Getresponse | 2022-09-09 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin <= 5.5.20 at WordPress. | |||||
CVE-2022-35275 | 1 Algolplus | 1 Advanced Order Export | 2022-09-09 | N/A | 4.8 MEDIUM |
Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress. | |||||
CVE-2022-40305 | 1 Canto | 1 Canto | 2022-09-09 | N/A | 9.8 CRITICAL |
A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form. | |||||
CVE-2022-36356 | 1 Culture Object Project | 1 Culture Object | 2022-09-09 | N/A | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress. | |||||
CVE-2022-35725 | 1 Wp-forecast Project | 1 Wp-forecast | 2022-09-09 | N/A | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress. | |||||
CVE-2022-36842 | 1 Google | 1 Android | 2022-09-09 | N/A | 7.8 HIGH |
A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||||
CVE-2022-36841 | 1 Google | 1 Android | 2022-09-09 | N/A | 7.8 HIGH |
A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||||
CVE-2022-36793 | 1 Wp-shop | 1 Wp Shop | 2022-09-09 | N/A | 9.1 CRITICAL |
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress. | |||||
CVE-2022-36844 | 1 Google | 1 Android | 2022-09-09 | N/A | 7.8 HIGH |
A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||||
CVE-2022-36843 | 1 Google | 1 Android | 2022-09-09 | N/A | 7.8 HIGH |
A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||||
CVE-2022-36422 | 1 Wp-postratings Project | 1 Wp-postratings | 2022-09-09 | N/A | 3.1 LOW |
Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress. | |||||
CVE-2022-36845 | 1 Google | 1 Android | 2022-09-09 | N/A | 7.8 HIGH |
A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||||
CVE-2022-36850 | 1 Google | 1 Android | 2022-09-09 | N/A | 4.7 MEDIUM |
Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. | |||||
CVE-2022-36849 | 1 Google | 1 Android | 2022-09-09 | N/A | 7.8 HIGH |
Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. | |||||
CVE-2022-36848 | 1 Google | 1 Android | 2022-09-09 | N/A | 5.5 MEDIUM |
Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. | |||||
CVE-2022-36847 | 1 Google | 1 Android | 2022-09-09 | N/A | 7.8 HIGH |
Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. |