Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41432 | 1 Eyesofnetwork | 1 Web Interface | 2022-11-08 | N/A | 4.8 MEDIUM |
| EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. | |||||
| CVE-2022-41434 | 1 Eyesofnetwork | 1 Web Interface | 2022-11-08 | N/A | 6.1 MEDIUM |
| EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /lilac/main.php. | |||||
| CVE-2022-43051 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-08 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. | |||||
| CVE-2022-43052 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-11-08 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete. | |||||
| CVE-2022-43050 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2022-11-08 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-20772 | 1 Cisco | 4 Email Security Appliance, Email Security Appliance Firmware, Secure Email And Web Manager and 1 more | 2022-11-08 | N/A | 5.3 MEDIUM |
| A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. | |||||
| CVE-2022-38164 | 1 F-secure | 1 Safe | 2022-11-08 | N/A | 6.5 MEDIUM |
| WithSecure through 2022-08-10 allows attackers to cause a denial of service (issue 3 of 5). | |||||
| CVE-2022-43563 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-11-08 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | |||||
| CVE-2022-20867 | 1 Cisco | 3 Asyncos, Secure Email And Web Manager, Secure Email Gateway | 2022-11-08 | N/A | 6.5 MEDIUM |
| A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system. | |||||
| CVE-2022-43564 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-11-08 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros. | |||||
| CVE-2022-20942 | 1 Cisco | 4 Asyncos, Secure Email And Web Manager, Secure Email Gateway and 1 more | 2022-11-08 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device. | |||||
| CVE-2022-20868 | 1 Cisco | 4 Asyncos, Secure Email And Web Manager, Secure Email Gateway and 1 more | 2022-11-08 | N/A | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. | |||||
| CVE-2022-44732 | 1 Acronis | 1 Cyber Protect Home Office | 2022-11-08 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | |||||
| CVE-2020-10714 | 2 Netapp, Redhat | 6 Oncommand Insight, Codeready Studio, Descision Manager and 3 more | 2022-11-08 | 5.1 MEDIUM | 7.5 HIGH |
| A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-26932 | 2 Debian, Sympa | 2 Debian Linux, Sympa | 2022-11-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group) | |||||
| CVE-2022-43565 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-11-08 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. | |||||
| CVE-2022-43566 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-11-08 | N/A | 8.0 HIGH |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | |||||
| CVE-2022-23218 | 3 Debian, Gnu, Oracle | 4 Debian Linux, Glibc, Communications Cloud Native Core Unified Data Repository and 1 more | 2022-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | |||||
| CVE-2022-23219 | 3 Debian, Gnu, Oracle | 8 Debian Linux, Glibc, Communications Cloud Native Core Binding Support Function and 5 more | 2022-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. | |||||
| CVE-2021-35942 | 3 Debian, Gnu, Netapp | 7 Debian Linux, Glibc, Active Iq Unified Manager and 4 more | 2022-11-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | |||||