Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22835 | 1 Overit | 1 Geocall | 2022-09-02 | 3.5 LOW | 6.5 MEDIUM |
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit an XXE vulnerability to read arbitrary files from the filesystem. | |||||
CVE-2022-25089 | 1 Kofax | 1 Printix | 2022-09-02 | 7.5 HIGH | 9.8 CRITICAL |
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. | |||||
CVE-2021-46667 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2022-09-02 | 2.1 LOW | 5.5 MEDIUM |
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. | |||||
CVE-2020-26140 | 5 Alfa, Arista, Cisco and 2 more | 388 Awus036h, Awus036h Firmware, C-100 and 385 more | 2022-09-02 | 3.3 LOW | 6.5 MEDIUM |
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. | |||||
CVE-2020-7248 | 1 Openwrt | 1 Openwrt | 2022-09-02 | 5.0 MEDIUM | 7.5 HIGH |
libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack-based buffer overflow. | |||||
CVE-2022-26665 | 1 Tylertech | 1 Odyssey Portal | 2022-09-02 | 5.0 MEDIUM | 7.5 HIGH |
An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records. | |||||
CVE-2022-21816 | 1 Nvidia | 2 Cloud Gaming Virtual Gpu, Virtual Gpu | 2022-09-02 | 4.9 MEDIUM | 5.5 MEDIUM |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service. | |||||
CVE-2022-21815 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming Guest, Geforce and 7 more | 2022-09-02 | 4.9 MEDIUM | 5.5 MEDIUM |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash. | |||||
CVE-2022-21814 | 2 Linux, Nvidia | 7 Linux Kernel, Geforce, Gpu Display Driver and 4 more | 2022-09-02 | 3.6 LOW | 6.1 MEDIUM |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. | |||||
CVE-2021-40142 | 2 Opcfoundation, Siemens | 8 Local Discover Server, Simatic Net Pc, Simatic Process Historian Opc Ua Server and 5 more | 2022-09-02 | 5.0 MEDIUM | 7.5 HIGH |
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. | |||||
CVE-2022-24193 | 1 Icewale | 1 Casaos | 2022-09-02 | 7.5 HIGH | 9.8 CRITICAL |
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability. | |||||
CVE-2022-22834 | 1 Overit | 1 Geocall | 2022-09-02 | 6.0 MEDIUM | 8.8 HIGH |
An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit an XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution. | |||||
CVE-2020-7530 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2022-09-02 | 6.5 MEDIUM | 8.8 HIGH |
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. | |||||
CVE-2019-6831 | 1 Schneider-electric | 2 Bmxnor0200h, Bmxnor0200h Firmware | 2022-09-02 | 5.0 MEDIUM | 8.6 HIGH |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870-5-104 packets are received by the module on port 2404/TCP. | |||||
CVE-2019-6814 | 1 Schneider-electric | 14 Net5500, Net5500 Firmware, Net5501 and 11 more | 2022-09-02 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI. | |||||
CVE-2020-7545 | 1 Schneider-electric | 5 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager and 2 more | 2022-09-02 | 6.5 MEDIUM | 7.2 HIGH |
A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user accesses an affected webpage. | |||||
CVE-2020-7573 | 1 Schneider-electric | 1 Webreports | 2022-09-02 | 6.4 MEDIUM | 6.5 MEDIUM |
A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow a remote attacker to access restricted web resources due to improper access control. | |||||
CVE-2019-6825 | 1 Schneider-electric | 1 Proclima | 2022-09-02 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name as any resident DLL inside the software installation, to execute arbitrary code. | |||||
CVE-2020-7547 | 1 Schneider-electric | 5 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager and 2 more | 2022-09-02 | 6.5 MEDIUM | 8.8 HIGH |
A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level. | |||||
CVE-2019-6832 | 1 Schneider-electric | 4 Lss100100, Lss100200, Spacelynk Firmware and 1 more | 2022-09-02 | 6.8 MEDIUM | 8.3 HIGH |
A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. |