Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-37097 | 1 H3c | 2 H200, H200 Firmware | 2022-08-29 | N/A | 9.8 CRITICAL |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPInfoById. | |||||
CVE-2022-37099 | 1 H3c | 2 H200, H200 Firmware | 2022-08-29 | N/A | 9.8 CRITICAL |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateSnat. | |||||
CVE-2022-37098 | 1 H3c | 2 H200, H200 Firmware | 2022-08-29 | N/A | 9.8 CRITICAL |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateIpv6Params. | |||||
CVE-2022-37100 | 1 H3c | 2 H200, H200 Firmware | 2022-08-29 | N/A | 9.8 CRITICAL |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateMacClone. | |||||
CVE-2021-4155 | 1 Linux | 1 Linux Kernel | 2022-08-29 | N/A | 5.5 MEDIUM |
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | |||||
CVE-2021-4213 | 3 Debian, Dogtagpki, Redhat | 3 Debian Linux, Network Security Services For Java, Enterprise Linux | 2022-08-29 | N/A | 7.5 HIGH |
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service. | |||||
CVE-2022-32810 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2022-08-28 | N/A | 7.8 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2018-14520 | 1 Getkirby | 1 Kirby | 2022-08-28 | N/A | 5.4 MEDIUM |
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages. | |||||
CVE-2018-14519 | 1 Getkirby | 1 Kirby | 2022-08-28 | N/A | 4.3 MEDIUM |
An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page. | |||||
CVE-2022-37181 | 1 72crm | 1 Wukong Crm | 2022-08-28 | N/A | 9.8 CRITICAL |
72crm 9.0 has an Arbitrary file upload vulnerability. | |||||
CVE-2022-37178 | 1 72crm | 1 Wukong Crm | 2022-08-28 | N/A | 8.8 HIGH |
An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar. | |||||
CVE-2021-22924 | 6 Debian, Fedoraproject, Haxx and 3 more | 52 Debian Linux, Fedora, Libcurl and 49 more | 2022-08-28 | 4.3 MEDIUM | 3.7 LOW |
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. | |||||
CVE-2021-43309 | 1 Litejs | 1 Uri-template-lite | 2022-08-28 | N/A | 7.5 HIGH |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the "URI.expand" method. | |||||
CVE-2022-20122 | 1 Google | 1 Android | 2022-08-28 | N/A | 9.8 CRITICAL |
The PowerVR GPU driver allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption. Product: Android. Versions: Android SoC. Android ID: A-232441339 | |||||
CVE-2021-39815 | 1 Google | 1 Android | 2022-08-28 | N/A | 9.8 CRITICAL |
The PowerVR GPU driver allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption. Product: Android. Versions: Android SoC. Android ID: A-232440670 | |||||
CVE-2021-0947 | 1 Google | 1 Android | 2022-08-28 | N/A | 7.5 HIGH |
The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on the heap, fills the contents of the buffer via TLServerDiscoverStreamsKM, and then copies the buffer to userspace. The method TLServerDiscoverStreamsKM may fail for several reasons including invalid sizes. If this method fails the buffer will be left uninitialized and despite the error will still be copied to userspace. Kernel leak of uninitialized heap data with no privs required. Product: Android. Versions: Android SoC. Android ID: A-236838960 | |||||
CVE-2021-0946 | 1 Google | 1 Android | 2022-08-28 | N/A | 7.5 HIGH |
The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameInt on the heap, fills the contents of the buffer via PMR_PDumpSymbolicAddr, and then copies the buffer to userspace. The method PMR_PDumpSymbolicAddr may fail, and if it does the buffer will be left uninitialized and despite the error will still be copied to userspace. Kernel leak of uninitialized heap data with no privs required. Product: Android. Versions: Android SoC. Android ID: A-236846966 | |||||
CVE-2022-38080 | 1 Exceedone | 2 Exment, Laravel-admin | 2022-08-28 | N/A | 5.4 MEDIUM |
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | |||||
CVE-2022-37333 | 1 Exceedone | 2 Exment, Laravel-admin | 2022-08-28 | N/A | 8.8 HIGH |
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands. | |||||
CVE-2018-14463 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Sdc and 4 more | 2022-08-26 | 5.0 MEDIUM | 7.5 HIGH |
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. |