Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28752 | 1 Zoom | 1 Rooms | 2022-08-18 | N/A | 7.8 HIGH |
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user. | |||||
CVE-2022-35122 | 1 Ecowitt | 2 Gw1100, Gw1100 Firmware | 2022-08-18 | N/A | 9.1 CRITICAL |
An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords. | |||||
CVE-2022-1373 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2022-08-18 | N/A | 7.2 HIGH |
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk. | |||||
CVE-2022-1069 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2022-08-18 | N/A | 7.5 HIGH |
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | |||||
CVE-2020-27791 | | | 2022-08-18 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
CVE-2020-27789 | | | 2022-08-18 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
CVE-2022-35602 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. | |||||
CVE-2022-35601 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | |||||
CVE-2022-35599 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. | |||||
CVE-2022-35151 | 1 Keking | 1 Kkfileview | 2022-08-18 | N/A | 6.1 MEDIUM |
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. | |||||
CVE-2022-35604 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter 'searchTxt'. | |||||
CVE-2022-36190 | 1 Gpac | 1 Gpac | 2022-08-18 | N/A | 9.8 CRITICAL |
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242. | |||||
CVE-2022-36186 | 1 Gpac | 1 Gpac | 2022-08-18 | N/A | 7.5 HIGH |
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full() at filter_core/filter_pid.c:5250, which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1. | |||||
CVE-2017-14611 | 1 Agentejo | 1 Cockpit | 2022-08-18 | 6.4 MEDIUM | 9.1 CRITICAL |
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. | |||||
CVE-2022-35606 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode'. | |||||
CVE-2022-35605 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as 'users', 'pass', etc. | |||||
CVE-2022-35174 | 1 Getkirby | 1 Starterkit | 2022-08-18 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field. | |||||
CVE-2022-35603 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | |||||
CVE-2022-35598 | 1 Inventorymanagementsystem Project | 1 Inventorymanagementsystem | 2022-08-18 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username. | |||||
CVE-2022-37459 | 1 Amperecomputing | 4 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 1 more | 2022-08-18 | N/A | 7.8 HIGH |
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue. |