Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20924 | 1 Cisco | 2 Adaptive Security Appliance, Firepower Threat Defense | 2022-11-22 | N/A | 6.5 MEDIUM |
| A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | |||||
| CVE-2022-36357 | 1 Webpsilon | 1 Ultimate Tables | 2022-11-22 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE TABLES plugin <= 1.6.5 on WordPress. | |||||
| CVE-2022-43071 | 1 Xpdfreader | 1 Xpdf | 2022-11-22 | N/A | 5.5 MEDIUM |
| A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
| CVE-2022-3998 | 1 Scm Project | 1 Scm | 2022-11-22 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in MonikaBrzica scm. This affects an unknown part of the file uredi_korisnika.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213699. | |||||
| CVE-2022-3997 | 1 Scm Project | 1 Scm | 2022-11-22 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email/lozinka/ime/id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-213698 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-44163 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-11-21 | N/A | 7.5 HIGH |
| Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. | |||||
| CVE-2022-44158 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2022-11-21 | N/A | 7.5 HIGH |
| Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name. | |||||
| CVE-2022-44156 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2022-11-21 | N/A | 7.5 HIGH |
| Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. | |||||
| CVE-2022-40470 | 1 Blood Donor Management System Project | 1 Blood Donor Management System | 2022-11-21 | N/A | 4.8 MEDIUM |
| Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. | |||||
| CVE-2022-40129 | 1 Foxit | 1 Pdf Reader | 2022-11-21 | N/A | 7.8 HIGH |
| A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2022-38148 | 1 Silverstripe | 1 Framework | 2022-11-21 | N/A | 8.8 HIGH |
| Silverstripe silverstripe/framework through 4.11 allows SQL Injection. | |||||
| CVE-2022-38146 | 1 Silverstripe | 1 Framework | 2022-11-21 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). | |||||
| CVE-2022-20918 | 1 Cisco | 2 Firepower Management Center, Firepower Services Software For Asa | 2022-11-21 | N/A | 7.5 HIGH |
| A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed. | |||||
| CVE-2022-20922 | 1 Cisco | 3 Cyber Vision, Firepower Threat Defense, Umbrella Insights Virtual Appliance | 2022-11-21 | N/A | 6.5 MEDIUM |
| Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected. | |||||
| CVE-2022-20925 | 1 Cisco | 1 Firepower Management Center | 2022-11-21 | N/A | 7.2 HIGH |
| A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions. | |||||
| CVE-2022-36787 | 1 Webvendome Project | 1 Webvendome | 2022-11-21 | N/A | 9.8 CRITICAL |
| Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter " DocNumber" Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE. | |||||
| CVE-2022-20926 | 1 Cisco | 1 Firepower Management Center | 2022-11-21 | N/A | 8.8 HIGH |
| A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. An attacker could exploit this vulnerability by sending crafted input to an affected API endpoint. A successful exploit could allow an attacker to execute arbitrary commands on the device with low system privileges. To successfully exploit this vulnerability, an attacker would need valid credentials for a user with Device permissions: by default, only Administrators, Security Approvers and Network Admins user accounts have these permissions. | |||||
| CVE-2022-39178 | 1 Webvendome Project | 1 Webvendome | 2022-11-21 | N/A | 5.3 MEDIUM |
| Webvendome - Webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure. | |||||
| CVE-2022-38165 | 1 Withsecure | 1 F-secure Policy Manager | 2022-11-21 | N/A | 9.8 CRITICAL |
| Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. | |||||
| CVE-2022-36924 | 1 Zoom | 1 Rooms | 2022-11-21 | N/A | 7.8 HIGH |
| The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user. | |||||