Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35847 | 1 Fortinet | 1 Fortisoar | 2022-09-08 | N/A | 8.8 HIGH |
An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. | |||||
CVE-2022-36425 | 1 Fastlinemedia | 1 Beaver Builder | 2022-09-08 | N/A | 9.8 CRITICAL |
Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. | |||||
CVE-2022-35931 | 1 Nextcloud | 1 Password Policy | 2022-09-08 | N/A | 2.7 LOW |
Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud Server to 22.2.10, 23.0.7 or 24.0.3 to receive a patch for the issue in Password Policy. There are no known workarounds available. | |||||
CVE-2022-3026 | 1 Wp-users-exporter Project | 1 Wp-users-exporter | 2022-09-08 | N/A | 8.8 HIGH |
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
CVE-2020-21516 | 1 Feehi | 1 Feehicms | 2022-09-08 | N/A | 9.8 CRITICAL |
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code. | |||||
CVE-2022-2233 | 1 Banner Cycler Project | 1 Banner Cycler | 2022-09-08 | N/A | 8.8 HIGH |
The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function found in the ~/admin/admin.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site’s administrator into performing an action such as clicking on a link. | |||||
CVE-2022-27491 | 1 Fortinet | 1 Fortios | 2022-09-08 | N/A | 7.5 HIGH |
An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. | |||||
CVE-2022-26470 | 2 Google, Mediatek | 12 Android, Mt6879, Mt6895 and 9 more | 2022-09-08 | N/A | 6.7 MEDIUM |
In aie, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07116037; Issue ID: ALPS07116037. | |||||
CVE-2022-26469 | 2 Google, Mediatek | 43 Android, Mt6580, Mt6735 and 40 more | 2022-09-08 | N/A | 7.8 HIGH |
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598. | |||||
CVE-2022-26468 | 2 Google, Mediatek | 45 Android, Mt6735, Mt6739 and 42 more | 2022-09-08 | N/A | 6.6 MEDIUM |
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07168125; Issue ID: ALPS07168125. | |||||
CVE-2022-26467 | 2 Google, Mediatek | 38 Android, Mt6580, Mt6735 and 35 more | 2022-09-08 | N/A | 6.7 MEDIUM |
In rpmb, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07167738; Issue ID: ALPS07167738. | |||||
CVE-2021-38297 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2022-09-08 | 7.5 HIGH | 9.8 CRITICAL |
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. | |||||
CVE-2021-41802 | 1 Hashicorp | 1 Vault | 2022-09-08 | 5.5 MEDIUM | 5.4 MEDIUM |
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4. | |||||
CVE-2021-37219 | 1 Hashicorp | 1 Consul | 2022-09-08 | 6.5 MEDIUM | 8.8 HIGH |
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2. | |||||
CVE-2021-27668 | 1 Hashicorp | 1 Vault | 2022-09-08 | 5.0 MEDIUM | 5.3 MEDIUM |
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3. | |||||
CVE-2021-45042 | 1 Hashicorp | 1 Vault | 2022-09-08 | 6.8 MEDIUM | 4.9 MEDIUM |
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0. | |||||
CVE-2021-43998 | 1 Hashicorp | 1 Vault | 2022-09-08 | 5.5 MEDIUM | 6.5 MEDIUM |
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0. | |||||
CVE-2020-6920 | 1 Hp | 1 Support Assistant | 2022-09-08 | 4.3 MEDIUM | 5.5 MEDIUM |
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software. | |||||
CVE-2020-6919 | 1 Hp | 1 Support Assistant | 2022-09-08 | 6.8 MEDIUM | 7.8 HIGH |
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software. | |||||
CVE-2020-6918 | 1 Hp | 1 Support Assistant | 2022-09-08 | 6.8 MEDIUM | 7.8 HIGH |
Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients have been identified in HP Support Assistant software. |