Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25921 | 1 Morgan-json Project | 1 Morgan-json | 2022-09-01 | N/A | 9.8 CRITICAL |
| All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. | |||||
| CVE-2022-25644 | 1 Get-process-by-name Project | 1 Get-process-by-name | 2022-09-01 | N/A | 9.8 CRITICAL |
| All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function. | |||||
| CVE-2022-20823 | 1 Cisco | 294 Nexus 3016, Nexus 3016 Firmware, Nexus 3016q and 291 more | 2022-09-01 | N/A | 8.6 HIGH |
| A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory. | |||||
| CVE-2022-38556 | 1 Trendnet | 2 Tew733gr, Tew733gr Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | |||||
| CVE-2022-37057 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. | |||||
| CVE-2022-37053 | 1 Trendnet | 2 Tew733gr, Tew733gr Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. | |||||
| CVE-2022-36756 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | |||||
| CVE-2022-36755 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | |||||
| CVE-2022-2231 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-09-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2020-35605 | 2 Debian, Kitty Project | 2 Debian Linux, Kitty | 2022-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message. | |||||
| CVE-2022-3017 | 1 Froxlor | 1 Froxlor | 2022-09-01 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38. | |||||
| CVE-2022-38794 | 1 Zaver Project | 1 Zaver | 2022-09-01 | N/A | 7.5 HIGH |
| Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. | |||||
| CVE-2022-38792 | 1 Exotel Project | 1 Exotel | 2022-09-01 | N/A | 9.8 CRITICAL |
| The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. | |||||
| CVE-2022-36118 | 1 Ssctech | 1 Blue Prism | 2022-09-01 | N/A | 5.3 MEDIUM |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the SetProcessAttributes administrative function. Abusing this function will allow any Blue Prism user to publish, unpublish, or retire processes. Using this function, any logged-in user can change the status of a process, an action allowed only intended for users with the Edit Process permission. | |||||
| CVE-2019-15167 | 1 Tcpdump | 1 Tcpdump | 2022-09-01 | N/A | 9.1 CRITICAL |
| The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. | |||||
| CVE-2022-2915 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2022-09-01 | N/A | 8.8 HIGH |
| A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. | |||||
| CVE-2022-36522 | 1 Mikrotik | 1 Routeros | 2022-09-01 | N/A | 6.5 MEDIUM |
| Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2022-34303 | 3 Eurosoft-uk, Microsoft, Redhat | 10 Uefi Bootloader, Windows 10, Windows 11 and 7 more | 2022-09-01 | N/A | 6.7 MEDIUM |
| A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | |||||
| CVE-2022-34302 | 3 Horizondatasys, Microsoft, Redhat | 10 Uefi Bootloader, Windows 10, Windows 11 and 7 more | 2022-09-01 | N/A | 6.7 MEDIUM |
| A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | |||||
| CVE-2022-22558 | 1 Dell | 40 C4130, C4130 Firmware, C6320 and 37 more | 2022-09-01 | 3.6 LOW | 6.0 MEDIUM |
| Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service. | |||||