Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31107 | 1 Grafana | 1 Grafana | 2022-09-01 | N/A | 7.5 HIGH |
| Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address. | |||||
| CVE-2021-4136 | 3 Apple, Fedoraproject, Vim | 4 Mac Os X, Macos, Fedora and 1 more | 2022-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3872 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2022-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2022-1493 | 1 Google | 1 Chrome | 2022-09-01 | N/A | 8.8 HIGH |
| Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. | |||||
| CVE-2022-0393 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-09-01 | 5.8 MEDIUM | 7.1 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-23804 | 3 Debian, Fedoraproject, Kicad | 3 Debian Linux, Fedora, Eda | 2022-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-23803 | 3 Debian, Fedoraproject, Kicad | 3 Debian Linux, Fedora, Eda | 2022-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-23947 | 3 Debian, Fedoraproject, Kicad | 3 Debian Linux, Fedora, Kicad Eda | 2022-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-2264 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2183 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2288 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2287 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-09-01 | 5.8 MEDIUM | 7.1 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2997 | 1 Snipeitapp | 1 Snipe-it | 2022-09-01 | N/A | 8.0 HIGH |
| Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. | |||||
| CVE-2022-1494 | 1 Google | 1 Chrome | 2022-09-01 | N/A | 6.1 MEDIUM |
| Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. | |||||
| CVE-2022-1492 | 1 Google | 1 Chrome | 2022-09-01 | N/A | 6.1 MEDIUM |
| Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. | |||||
| CVE-2022-1491 | 1 Google | 1 Chrome | 2022-09-01 | N/A | 8.8 HIGH |
| Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. | |||||
| CVE-2022-1490 | 1 Google | 1 Chrome | 2022-09-01 | N/A | 8.8 HIGH |
| Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1489 | 1 Google | 2 Chrome, Chrome Os | 2022-09-01 | N/A | 8.8 HIGH |
| Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. | |||||
| CVE-2022-36705 | 1 Ingredients Stock Management System Project | 1 Ingredients Stock Management System | 2022-09-01 | N/A | 9.8 CRITICAL |
| Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php. | |||||
| CVE-2022-36704 | 1 Library Management System Project | 1 Library Management System | 2022-09-01 | N/A | 8.8 HIGH |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php. | |||||