Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-33574 | 4 Debian, Fedoraproject, Gnu and 1 more | 20 Debian Linux, Fedora, Glibc and 17 more | 2022-11-08 | 7.5 HIGH | 9.8 CRITICAL |
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | |||||
CVE-2022-31250 | 1 Opensuse | 1 Tumbleweed | 2022-11-08 | N/A | 7.8 HIGH |
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1. | |||||
CVE-2019-6706 | 2 Canonical, Lua | 2 Ubuntu Linux, Lua | 2022-11-08 | 5.0 MEDIUM | 7.5 HIGH |
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships. | |||||
CVE-2022-3869 | 1 Froxlor | 1 Froxlor | 2022-11-07 | N/A | 6.1 MEDIUM |
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. | |||||
CVE-2022-3868 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-07 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213012. | |||||
CVE-2022-42990 | 1 Food Ordering Management System Project | 1 Food Ordering Management System | 2022-11-07 | N/A | 7.2 HIGH |
Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. | |||||
CVE-2022-2188 | 2 Mcafee, Microsoft | 2 Data Exchange Layer, Windows | 2022-11-07 | N/A | 5.5 MEDIUM |
Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. | |||||
CVE-2020-12509 | 1 Badgermeter | 1 Moni\ | 2022-11-07 | N/A | 7.5 HIGH |
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. | |||||
CVE-2022-43351 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-07 | N/A | 6.5 MEDIUM |
Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | |||||
CVE-2022-43350 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-07 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. | |||||
CVE-2022-43046 | 1 Food Ordering Management System Project | 1 Food Ordering Management System | 2022-11-07 | N/A | 4.8 MEDIUM |
Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. | |||||
CVE-2022-43352 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-07 | N/A | 7.2 HIGH |
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_quote. | |||||
CVE-2022-3873 | 1 Diagrams | 1 Drawio | 2022-11-07 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. | |||||
CVE-2020-10936 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2022-11-07 | 7.2 HIGH | 7.8 HIGH |
Sympa before 6.2.56 allows privilege escalation. | |||||
CVE-2020-24223 | 1 Mara Cms Project | 1 Mara Cms | 2022-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. | |||||
CVE-2021-40345 | 1 Nagios | 1 Nagios Xi | 2022-11-07 | 9.0 HIGH | 7.2 HIGH |
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands. | |||||
CVE-2020-12862 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2022-11-07 | 3.3 LOW | 4.3 MEDIUM |
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. | |||||
CVE-2020-12863 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2022-11-07 | 3.3 LOW | 4.3 MEDIUM |
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. | |||||
CVE-2020-12865 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2022-11-07 | 5.2 MEDIUM | 8.0 HIGH |
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | |||||
CVE-2020-6624 | 1 Jhead Project | 1 Jhead | 2022-11-07 | 5.8 MEDIUM | 7.1 HIGH |
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. |