Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2132 | 4 Debian, Dpdk, Fedoraproject and 1 more | 8 Debian Linux, Data Plane Development Kit, Fedora and 5 more | 2022-09-06 | N/A | 8.6 HIGH |
| A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | |||||
| CVE-2022-2044 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2022-09-06 | N/A | 8.2 HIGH |
| MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. | |||||
| CVE-2022-37022 | 1 Apache | 1 Geode | 2022-09-06 | N/A | 8.8 HIGH |
| Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will automatically protect JMX over RMI against deserialization attacks. This should have no impact on performance since it only affects JMX/RMI which Gfsh uses to communicate with the JMX Manager which is hosted on a Locator. | |||||
| CVE-2022-37023 | 1 Apache | 1 Geode | 2022-09-06 | N/A | 6.5 MEDIUM |
| Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling "validate-serializable-objects=true" and specifying any user classes that may be serialized/deserialized with "serializable-object-filter". Enabling "validate-serializable-objects" may impact performance. | |||||
| CVE-2022-38289 | 2022-09-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-1260 | 2022-09-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-0844 | 2022-09-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-39326 | 2022-09-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-39324 | 2022-09-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2020-8586 | 2022-09-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-20359 | 2022-09-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-36045 | 1 Nodebb | 1 Nodebb | 2022-09-06 | N/A | 9.8 CRITICAL |
| NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure Pseudo-random number generator (`Math.random()`), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to. This vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset. The vulnerability has been patched in version 2.x and 1.19.x. There is no known workaround, but the patch sets listed above will fully patch the vulnerability. | |||||
| CVE-2022-20368 | 1 Google | 1 Android | 2022-09-06 | N/A | 7.8 HIGH |
| Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel | |||||
| CVE-2018-12120 | 1 Nodejs | 1 Node.js | 2022-09-06 | 6.8 MEDIUM | 8.1 HIGH |
| Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable. | |||||
| CVE-2018-12122 | 2 Nodejs, Suse | 4 Node.js, Suse Enterprise Storage, Suse Linux Enterprise Server and 1 more | 2022-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. | |||||
| CVE-2018-12123 | 1 Nodejs | 1 Node.js | 2022-09-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. | |||||
| CVE-2022-2043 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2022-09-06 | N/A | 7.5 HIGH |
| MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. | |||||
| CVE-2018-12121 | 2 Nodejs, Redhat | 8 Node.js, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2022-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. | |||||
| CVE-2010-5250 | 1 Pthread-win32 Project | 1 Pthreads-win32 | 2022-09-06 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2022-25304 | 2 Asyncua Project, Opcua Project | 2 Asyncua, Opcua | 2022-09-06 | N/A | 7.5 HIGH |
| All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | |||||