Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40112 | 1 Totolink | 2 A3002r, A3002r Firmware | 2022-09-09 | N/A | 7.5 HIGH |
| TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa. | |||||
| CVE-2022-40109 | 1 Totolink | 2 A3002r, A3002r Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
| TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. | |||||
| CVE-2022-38248 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 6.1 MEDIUM |
| Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php. | |||||
| CVE-2022-38247 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 4.8 MEDIUM |
| Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel. | |||||
| CVE-2022-39838 | 1 Systematicalpha | 2 Systematic Fix Adapter, Systematic Fix Adapter Firmware | 2022-09-09 | N/A | 8.6 HIGH |
| Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. | |||||
| CVE-2022-38249 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 6.1 MEDIUM |
| Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4. | |||||
| CVE-2022-36051 | 1 Zitadel | 1 Zitadel | 2022-09-09 | N/A | 8.8 HIGH |
| ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain points during the login. **Actions**, for example, allow creating authorizations (user grants) on newly created users programmatically. Due to a missing authorization check, **Actions** were able to grant authorizations for projects that belong to other organizations inside the same Instance. Granting authorizations via API and Console is not affected by this vulnerability. There is currently no known workaround, users should update. | |||||
| CVE-2022-38250 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 9.8 CRITICAL |
| Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. | |||||
| CVE-2022-38254 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 6.1 MEDIUM |
| Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5. | |||||
| CVE-2022-38251 | 1 Nagios | 1 Nagios Xi | 2022-09-09 | N/A | 4.8 MEDIUM |
| Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel. | |||||
| CVE-2022-36585 | 1 Tenda | 2 G3, G3 Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
| In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, in httpd binary, the addDhcpRule function has a buffer overflow caused by sscanf. | |||||
| CVE-2022-36586 | 1 Tenda | 2 G3, G3 Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
| In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by strcpy in function 0x869f4 in the httpd binary. | |||||
| CVE-2022-40111 | 1 Totolink | 2 A3002r, A3002r Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
| In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware. | |||||
| CVE-2022-36588 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2022-09-09 | N/A | 9.8 CRITICAL |
| In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy. | |||||
| CVE-2022-38255 | 1 Interview Management System Project | 1 Interview Management System | 2022-09-09 | N/A | 7.2 HIGH |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php. | |||||
| CVE-2022-38260 | 1 Interview Management System Project | 1 Interview Management System | 2022-09-09 | N/A | 7.2 HIGH |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=. | |||||
| CVE-2022-39843 | 2 Linux, Lotus 1-2-3 Project | 2 Linux Kernel, Lotus 1-2-3 | 2022-09-09 | N/A | 7.8 HIGH |
| 123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from process_fmt() that can be reached via a w3r_format element in a wk3 document. | |||||
| CVE-2022-36671 | 1 Novel-plus Project | 1 Novel-plus | 2022-09-09 | N/A | 7.5 HIGH |
| Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. | |||||
| CVE-2022-29158 | 1 Apache | 1 Ofbiz | 2022-09-09 | N/A | 7.5 HIGH |
| Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599 | |||||
| CVE-2022-36672 | 1 Novel-plus Project | 1 Novel-plus | 2022-09-09 | N/A | 9.8 CRITICAL |
| Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session. | |||||