Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1352 | 2 Apple, Php | 2 Mac Os X, Php | 2022-11-04 | 5.0 MEDIUM | N/A |
| The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. | |||||
| CVE-2014-3710 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2022-11-04 | 5.0 MEDIUM | N/A |
| The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | |||||
| CVE-2015-8873 | 2 Opensuse, Php | 2 Leap, Php | 2022-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls. | |||||
| CVE-2020-23050 | 1 Taotesting | 1 Tao Assessment Platform | 2022-11-04 | 6.0 MEDIUM | 8.0 HIGH |
| TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code. | |||||
| CVE-2020-23036 | 1 Medianavi | 1 Smacom | 2022-11-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack. | |||||
| CVE-2020-23533 | 1 Unionpayintl | 1 Union Pay | 2022-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | |||||
| CVE-2022-3721 | 1 Froxlor | 1 Froxlor | 2022-11-04 | N/A | 4.6 MEDIUM |
| Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. | |||||
| CVE-2020-13422 | 1 Openiam | 1 Openiam | 2022-11-04 | 5.5 MEDIUM | 8.1 HIGH |
| OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions. | |||||
| CVE-2020-13963 | 1 Soplanning | 1 Soplanning | 2022-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account). | |||||
| CVE-2020-13410 | 1 Aedes Project | 1 Aedes | 2022-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream. | |||||
| CVE-2022-41668 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2022-11-04 | N/A | 7.8 HIGH |
| A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | |||||
| CVE-2022-41667 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2022-11-04 | N/A | 7.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | |||||
| CVE-2022-3023 | 1 Pingcap | 1 Tidb | 2022-11-04 | N/A | 9.8 CRITICAL |
| Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. | |||||
| CVE-2022-41666 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2022-11-04 | N/A | 7.8 HIGH |
| A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | |||||
| CVE-2022-31624 | 1 Mariadb | 1 Mariadb | 2022-11-04 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | |||||
| CVE-2022-31622 | 1 Mariadb | 1 Mariadb | 2022-11-04 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | |||||
| CVE-2022-31621 | 1 Mariadb | 1 Mariadb | 2022-11-04 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | |||||
| CVE-2022-31623 | 1 Mariadb | 1 Mariadb | 2022-11-04 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | |||||
| CVE-2022-41713 | 1 Deep-object-diff Project | 1 Deep-object-diff | 2022-11-04 | N/A | 5.3 MEDIUM |
| deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited. | |||||
| CVE-2022-40276 | 1 Zettlr | 1 Zettlr | 2022-11-04 | N/A | 5.5 MEDIUM |
| Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them. | |||||