Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36034 | 1 Nitrado.js Project | 1 Nitrado.js | 2022-09-01 | N/A | 7.5 HIGH |
| nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds. | |||||
| CVE-2022-27558 | 1 Hcltech | 2 Domino, Hcl Inotes | 2022-09-01 | N/A | 7.5 HIGH |
| HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. | |||||
| CVE-2022-27547 | 1 Hcltech | 2 Domino, Hcl Inotes | 2022-09-01 | N/A | 7.4 HIGH |
| HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc. | |||||
| CVE-2022-27546 | 1 Hcltech | 2 Domino, Hcl Inotes | 2022-09-01 | N/A | 6.1 MEDIUM |
| HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials. | |||||
| CVE-2022-2638 | 1 Atlasgondal | 1 Export All Urls | 2022-09-01 | N/A | 6.5 MEDIUM |
| The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server | |||||
| CVE-2022-36036 | 1 Mdx-mermaid Project | 1 Mdx-mermaid | 2022-09-01 | N/A | 7.8 HIGH |
| mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds. | |||||
| CVE-2022-36561 | 1 Xpdfreader | 1 Xpdf | 2022-09-01 | N/A | 5.5 MEDIUM |
| XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538. | |||||
| CVE-2022-25635 | 3 Google, Linux, Realtek | 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit | 2022-09-01 | N/A | 6.5 MEDIUM |
| Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service. | |||||
| CVE-2022-25646 | 1 X-data-spreadsheet Project | 1 X-data-spreadsheet | 2022-09-01 | N/A | 6.1 MEDIUM |
| All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells. | |||||
| CVE-2022-25887 | 1 Apostrophecms | 1 Sanitize-html | 2022-09-01 | N/A | 7.5 HIGH |
| The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. | |||||
| CVE-2022-0669 | 3 Dpdk, Openvswitch, Redhat | 3 Data Plane Development Kit, Openvswitch, Openshift Container Platform | 2022-09-01 | N/A | 6.5 MEDIUM |
| A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. | |||||
| CVE-2022-0497 | 1 Openscad | 1 Openscad | 2022-09-01 | N/A | 7.1 HIGH |
| A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. | |||||
| CVE-2022-0496 | 1 Openscad | 1 Openscad | 2022-09-01 | N/A | 5.5 MEDIUM |
| A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import(). | |||||
| CVE-2022-0400 | 1 Linux | 1 Linux Kernel | 2022-09-01 | N/A | 7.5 HIGH |
| An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. | |||||
| CVE-2022-20865 | 1 Cisco | 24 Firepower 4110, Firepower 4110 Firmware, Firepower 4112 and 21 more | 2022-09-01 | N/A | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. | |||||
| CVE-2022-0336 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2022-09-01 | N/A | 8.8 HIGH |
| The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. | |||||
| CVE-2022-0284 | 1 Imagemagick | 1 Imagemagick | 2022-09-01 | N/A | 7.1 HIGH |
| A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. | |||||
| CVE-2022-3019 | 1 Tooljet | 1 Tooljet | 2022-09-01 | N/A | 8.8 HIGH |
| The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | |||||
| CVE-2022-36194 | 1 Centreon | 1 Centreon | 2022-09-01 | N/A | 5.4 MEDIUM |
| Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. | |||||
| CVE-2022-32548 | 1 Draytek | 136 Vigor1000b, Vigor1000b Firmware, Vigor165 and 133 more | 2022-09-01 | N/A | 9.8 CRITICAL |
| An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field. | |||||