Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38070 | 1 Mypopups | 1 Pop-up | 2022-09-09 | N/A | 8.8 HIGH |
Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress. | |||||
CVE-2022-38068 | 1 Apasionados | 1 Export Post Info | 2022-09-09 | N/A | 4.8 MEDIUM |
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress. | |||||
CVE-2022-38144 | 1 Gvectors | 1 Wpforo Forum | 2022-09-09 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress. | |||||
CVE-2022-40191 | 1 Contact Form By Mega Forms Project | 1 Contact Form By Mega Forms | 2022-09-09 | N/A | 5.4 MEDIUM |
Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress. | |||||
CVE-2022-36862 | 1 Google | 1 Android | 2022-09-09 | N/A | 7.8 HIGH |
A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows an attacker to cause a memory access fault. | |||||
CVE-2022-38314 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentControlInfo. | |||||
CVE-2022-38313 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/saveParentControlInfo. | |||||
CVE-2022-38312 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. | |||||
CVE-2022-38311 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet. | |||||
CVE-2022-38310 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. | |||||
CVE-2022-38309 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. | |||||
CVE-2022-2473 | 1 Wp-useronline Project | 1 Wp-useronline | 2022-09-09 | N/A | 4.8 MEDIUM |
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'templates[browsingpage][text]' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative capabilities and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled. | |||||
CVE-2022-2515 | 1 Simple Banner Project | 1 Simple Banner | 2022-09-09 | N/A | 5.4 MEDIUM |
The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `pro_version_activation_code` parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those without administrative capabilities when access is granted to those users, to inject arbitrary web scripts in pages that will execute whenever a user role having access to "Simple Banner" accesses the plugin's settings. | |||||
CVE-2022-31789 | 1 Watchguard | 1 Fireware | 2022-09-09 | N/A | 9.8 CRITICAL |
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. | |||||
CVE-2022-31790 | 1 Watchguard | 1 Fireware | 2022-09-09 | N/A | 7.5 HIGH |
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. | |||||
CVE-2022-36032 | 1 Reactphp | 1 Http | 2022-09-09 | N/A | 5.3 MEDIUM |
ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` being confused with cookies that decode to such a prefix, thus allowing an attacker to forge a cookie which is supposed to be secure. This issue is fixed in ReactPHP HTTP version 1.7.0. As a workaround, Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any unexpected `Cookie` request headers. | |||||
CVE-2022-31791 | 1 Watchguard | 1 Fireware | 2022-09-09 | N/A | 7.8 HIGH |
WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS 12.8.1, 12.5.10, and 12.1.4. | |||||
CVE-2022-38530 | 1 Gpac | 1 Gpac | 2022-09-09 | N/A | 7.8 HIGH |
GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD. | |||||
CVE-2021-33543 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2022-09-09 | 7.5 HIGH | 9.8 CRITICAL |
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service. | |||||
CVE-2021-39191 | 2 Fedoraproject, Zmartzone | 2 Fedora, Mod Auth Openidc | 2022-09-09 | 5.8 MEDIUM | 6.1 MEDIUM |
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. |