Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36285 | 1 Uploading Svg\, Webp And Ico Files Project | 1 Uploading Svg\, Webp And Ico Files | 2022-08-25 | N/A | 7.2 HIGH |
| Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. | |||||
| CVE-2022-36347 | 1 Thealpinepress | 1 Alpine Phototile For Pinterest | 2022-08-25 | N/A | 5.4 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress. | |||||
| CVE-2022-36405 | 1 Amcharts | 1 Amcharts\ | 2022-08-25 | N/A | 5.4 MEDIUM |
| Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress. | |||||
| CVE-2022-25903 | 1 Opcua Project | 1 Opcua | 2022-08-25 | N/A | 7.5 HIGH |
| The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed. | |||||
| CVE-2022-37153 | 1 Articatech | 1 Artica Proxy | 2022-08-25 | N/A | 6.1 MEDIUM |
| An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. | |||||
| CVE-2022-37816 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2022-08-25 | N/A | 9.8 CRITICAL |
| Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind. | |||||
| CVE-2020-35992 | 1 Fiserv | 1 Prologue | 2022-08-25 | N/A | 6.5 MEDIUM |
| Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconfig.ini), they would be able to decrypt the password stored within the configuration file. This would yield cleartext credentials for the database (to gain access to financial records of customers stored within the database), and in some cases would allow remote login to the database. | |||||
| CVE-2021-42232 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2022-08-25 | N/A | 9.8 CRITICAL |
| TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router. | |||||
| CVE-2022-24381 | 1 Asneg | 1 Opc Ua Stack | 2022-08-25 | N/A | 7.5 HIGH |
| All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | |||||
| CVE-2022-25888 | 1 Opcua Project | 1 Opcua | 2022-08-25 | N/A | 7.5 HIGH |
| The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | |||||
| CVE-2022-28681 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-08-25 | N/A | 6.1 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deletePages method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16825. | |||||
| CVE-2022-28670 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-08-25 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. Crafted data in an AcroForm can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16523. | |||||
| CVE-2022-28679 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-08-25 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16861. | |||||
| CVE-2022-28678 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-08-25 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16805. | |||||
| CVE-2022-28680 | 2 Foxit, Microsoft | 2 Pdf Editor, Windows | 2022-08-25 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16821. | |||||
| CVE-2019-25075 | 1 Gravitee | 1 Api Management | 2022-08-25 | N/A | 6.1 MEDIUM |
| HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request. | |||||
| CVE-2021-4141 | 2022-08-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-4042 | 2022-08-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-20301 | 2022-08-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-20287 | 2022-08-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||