Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39176 | 3 Bluez, Canonical, Debian | 3 Bluez, Ubuntu Linux, Debian Linux | 2022-11-07 | N/A | 8.8 HIGH |
| BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | |||||
| CVE-2022-39177 | 3 Bluez, Canonical, Debian | 3 Bluez, Ubuntu Linux, Debian Linux | 2022-11-07 | N/A | 8.8 HIGH |
| BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | |||||
| CVE-2020-17541 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2022-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. | |||||
| CVE-2020-20213 | 1 Mikrotik | 1 Routeros | 2022-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | |||||
| CVE-2022-3808 | 2022-11-07 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2020-20217 | 1 Mikrotik | 1 Routeros | 2022-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | |||||
| CVE-2020-20248 | 1 Mikrotik | 1 Routeros | 2022-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | |||||
| CVE-2022-32893 | 5 Apple, Debian, Fedoraproject and 2 more | 8 Ipados, Iphone Os, Macos and 5 more | 2022-11-07 | N/A | 8.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2020-24987 | 1 Tendacn | 2 Ac18, Ac18 Firmware | 2022-11-07 | 6.8 MEDIUM | 9.8 CRITICAL |
| Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius". | |||||
| CVE-2020-13882 | 2 Cisofy, Fedoraproject | 2 Lynis, Fedora | 2022-11-07 | 3.7 LOW | 4.2 MEDIUM |
| CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks. | |||||
| CVE-2020-24771 | 1 Nexusphp | 1 Nexusphp | 2022-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. | |||||
| CVE-2022-3791 | 2022-11-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-3790 | 2022-11-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-39432 | 1 Diplib | 1 Diplib | 2022-11-06 | N/A | 6.5 MEDIUM |
| diplib v3.0.0 is vulnerable to Double Free. | |||||
| CVE-2021-39473 | 1 Hotelmanager Project | 1 Hotelmanager | 2022-11-06 | N/A | 5.4 MEDIUM |
| Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields. | |||||
| CVE-2022-43449 | 1 Openharmony | 1 Openharmony | 2022-11-06 | N/A | 5.5 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000. | |||||
| CVE-2022-43451 | 1 Openharmony | 1 Openharmony | 2022-11-06 | N/A | 6.5 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges. | |||||
| CVE-2022-43495 | 1 Openharmony | 1 Openharmony | 2022-11-06 | N/A | 7.5 HIGH |
| OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot. | |||||
| CVE-2022-0594 | 1 Shareaholic | 1 Shareaholic | 2022-11-04 | N/A | 5.3 MEDIUM |
| The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. | |||||
| CVE-2022-20239 | 1 Google | 1 Android | 2022-11-04 | N/A | 9.8 CRITICAL |
| remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091 | |||||