Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31152 | 1 Matrix | 1 Synapse | 2022-09-08 | N/A | 7.5 HIGH |
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround. | |||||
CVE-2022-22100 | 1 Qualcomm | 34 Apq8096au, Apq8096au Firmware, Qam8295p and 31 more | 2022-09-08 | N/A | 7.8 HIGH |
Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto | |||||
CVE-2022-22099 | 1 Qualcomm | 4 Sa8540p, Sa8540p Firmware, Sa9000p and 1 more | 2022-09-08 | N/A | 7.8 HIGH |
Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto | |||||
CVE-2022-22098 | 1 Qualcomm | 2 Apq8096au, Apq8096au Firmware | 2022-09-08 | N/A | 7.8 HIGH |
Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto | |||||
CVE-2022-22097 | 1 Qualcomm | 16 Qcs410, Qcs410 Firmware, Qcs610 and 13 more | 2022-09-08 | N/A | 7.8 HIGH |
Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT | |||||
CVE-2022-2431 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2022-09-08 | N/A | 8.8 HIGH |
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon download post deletion. This makes it possible for contributor level users and above to supply an arbitrary file path via the 'file[files]' parameter when creating a download post and once the user deletes the post the supplied arbitrary file will be deleted. This can be used by attackers to delete the /wp-config.php file which will reset the installation and make it possible for an attacker to achieve remote code execution on the server. | |||||
CVE-2022-29053 | 1 Fortinet | 1 Fortios | 2022-09-08 | N/A | 3.3 LOW |
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it. | |||||
CVE-2022-2432 | 1 Lightspeedhq | 1 Ecwid Ecommerce Shopping Cart | 2022-09-08 | N/A | 4.3 MEDIUM |
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to update plugin options granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-31860 | 1 Openremote | 1 Openremote | 2022-09-08 | N/A | 9.8 CRITICAL |
An issue discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule. | |||||
CVE-2022-29062 | 1 Fortinet | 1 Fortisoar | 2022-09-08 | N/A | 6.5 MEDIUM |
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allow an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. | |||||
CVE-2022-37344 | 1 Accommodation-system Project | 1 Accommodation-system | 2022-09-08 | N/A | 9.8 CRITICAL |
Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. | |||||
CVE-2022-33177 | 1 Wpbookingcalendar | 1 Booking Calendar | 2022-09-08 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins Booking Calendar plugin <= 9.2.1 at WordPress leading to Translations Update. | |||||
CVE-2022-34656 | 1 Wpdevart | 1 Poll, Survey, Questionnaire And Voting System | 2022-09-08 | N/A | 4.8 MEDIUM |
Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin <= 1.7.4 at WordPress. | |||||
CVE-2022-36427 | 1 About-rentals Project | 1 About-rentals | 2022-09-08 | N/A | 9.8 CRITICAL |
Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress. | |||||
CVE-2022-30298 | 1 Fortinet | 1 Fortisoar | 2022-09-08 | N/A | 7.8 HIGH |
An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root. | |||||
CVE-2022-36387 | 1 About-me Project | 1 About-me | 2022-09-08 | N/A | 9.8 CRITICAL |
Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress. | |||||
CVE-2022-37253 | 1 Crime Reporting System Project | 1 Crime Reporting System | 2022-09-08 | N/A | 5.4 MEDIUM |
Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized POST parameter | |||||
CVE-2022-2402 | 1 Eset | 2 Endpoint Encryption, Full Disk Encryption | 2022-09-08 | N/A | 6.5 MEDIUM |
The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD. | |||||
CVE-2022-34867 | 1 Wp Libre Form Project | 1 Wp Libre Form | 2022-09-08 | N/A | 6.5 MEDIUM |
Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0.8. | |||||
CVE-2022-32264 | 1 Freebsd | 1 Freebsd | 2022-09-08 | N/A | 7.5 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |