Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1888 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2022-08-29 | 5.8 MEDIUM | N/A |
| The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. | |||||
| CVE-2021-3973 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2022-08-29 | 9.3 HIGH | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-42321 | 1 Microsoft | 1 Exchange Server | 2022-08-29 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2022-34837 | 1 Abb | 1 Zenon | 2022-08-29 | N/A | 6.1 MEDIUM |
| Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon. | |||||
| CVE-2021-3702 | 1 Redhat | 1 Ansible Runner | 2022-08-29 | N/A | 6.3 MEDIUM |
| A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality. | |||||
| CVE-2021-3714 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2022-08-29 | N/A | 7.5 HIGH |
| A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged. | |||||
| CVE-2022-23235 | 1 Netapp | 1 Active Iq Unified Manager | 2022-08-29 | N/A | 5.3 MEDIUM |
| Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled. | |||||
| CVE-2022-36707 | 2022-08-29 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2214. Reason: This candidate is a reservation duplicate of CVE-2022-2214. Notes: All CVE users should reference CVE-2022-2214 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-3670 | 3 Fedoraproject, Redhat, Samba | 3 Fedora, Storage, Samba | 2022-08-29 | N/A | 6.5 MEDIUM |
| MaxQueryDuration not honoured in Samba AD DC LDAP | |||||
| CVE-2022-32745 | 1 Samba | 1 Samba | 2022-08-29 | N/A | 8.1 HIGH |
| A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. | |||||
| CVE-2022-32744 | 1 Samba | 1 Samba | 2022-08-29 | N/A | 8.8 HIGH |
| A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. | |||||
| CVE-2022-36548 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2022-08-29 | N/A | 5.4 MEDIUM |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field. | |||||
| CVE-2022-36547 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2022-08-29 | N/A | 6.1 MEDIUM |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. | |||||
| CVE-2022-36546 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2022-08-29 | N/A | 8.8 HIGH |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. | |||||
| CVE-2022-37318 | 1 Rsa | 1 Archer | 2022-08-29 | N/A | 6.1 MEDIUM |
| Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. | |||||
| CVE-2021-4040 | 2 Apache, Redhat | 2 Activemq Artemis, Amq Broker | 2022-08-29 | N/A | 5.3 MEDIUM |
| A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability. | |||||
| CVE-2022-20921 | 1 Cisco | 1 Aci Multi-site Orchestrator | 2022-08-29 | N/A | 8.8 HIGH |
| A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device. | |||||
| CVE-2022-38132 | 1 Linksys | 2 Mr8300, Mr8300 Firmware | 2022-08-29 | N/A | 8.8 HIGH |
| Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file in the device. This issue affects: Linksys MR8300 Router 1.0. | |||||
| CVE-2022-32840 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2022-08-29 | N/A | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-33172 | 1 Bund | 1 De.fac2 | 2022-08-29 | N/A | 5.5 MEDIUM |
| de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC. | |||||