Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34301 | 3 Kidan, Microsoft, Redhat | 10 Cryptopro Securedisk For Bitlocker, Windows 10, Windows 11 and 7 more | 2022-09-01 | N/A | 6.7 MEDIUM |
| A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | |||||
| CVE-2022-0225 | 1 Redhat | 2 Keycloak, Single Sign-on | 2022-09-01 | N/A | 5.4 MEDIUM |
| A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack. | |||||
| CVE-2022-0217 | 1 Prosody | 1 Prosody | 2022-09-01 | N/A | 7.5 HIGH |
| It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611). | |||||
| CVE-2022-34668 | 1 Nvidia | 1 Nvflare | 2022-09-01 | N/A | 9.8 CRITICAL |
| NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. | |||||
| CVE-2022-36611 | 1 Totolink | 2 A800r, A800r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-20141 | 1 Google | 1 Android | 2022-09-01 | 6.9 MEDIUM | 7.0 HIGH |
| In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel | |||||
| CVE-2022-36615 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36614 | 1 Totolink | 2 A860r, A860r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36616 | 1 Totolink | 2 A810r, A810r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36613 | 1 Totolink | 2 N600r, N600r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36610 | 1 Totolink | 2 A720r, A720r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-36612 | 1 Totolink | 2 A950rg, A950rg Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2022-28747 | 1 Gosecure | 1 Titan Inbox Detection \& Response | 2022-09-01 | N/A | 9.8 CRITICAL |
| Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload. | |||||
| CVE-2022-36121 | 1 Ssctech | 1 Blue Prism Enterprise | 2022-09-01 | N/A | 5.3 MEDIUM |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file. | |||||
| CVE-2022-38510 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. | |||||
| CVE-2020-35529 | 2022-09-01 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-35528 | 2022-09-01 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-35526 | 2022-09-01 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2022-38511 | 1 Totolink | 2 A810r, A810r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. | |||||
| CVE-2022-36120 | 1 Ssctech | 1 Blue Prism Enterprise | 2022-09-01 | N/A | 8.1 HIGH |
| An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server's settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name. | |||||