Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3825 | 1 Huaxiaerp | 1 Huaxia Erp | 2022-11-04 | N/A | 6.5 MEDIUM |
A vulnerability classified as critical was found in Huaxia ERP 2.3. Some unknown functionality of the User Management component is affected: manipulation of the argument login leads to SQL injection. The attack may be launched remotely. An exploit has been disclosed to the public and may be used. The VulDB identifier for this vulnerability is VDB-212792. | |||||
CVE-2021-41576 | | | 2022-11-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none. | |||||
CVE-2021-41575 | | | 2022-11-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none. | |||||
CVE-2021-41574 | | | 2022-11-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none. | |||||
CVE-2021-34686 | | | 2022-11-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none. | |||||
CVE-2022-3827 | 1 Centreon | 1 Centreon | 2022-11-03 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical was found in Centreon. It affects unknown code in the file formContactGroup.php of the Contact Groups Form component: manipulation of the argument cg_id leads to SQL injection. The attack can be initiated remotely. The fix is commit 293b10628f7d9f83c6c82c78cf637cbe9b907369; applying the patch is recommended. The VulDB identifier for this vulnerability is VDB-212794. | |||||
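The Huaxia ERP and Centreon entries above describe the same defect class: a request argument (login, cg_id) spliced into SQL text. The following is an added illustration of that class and its fix, not code from either project; the users table, its columns, the payload and the use of SQLite in place of the products' real database are all constructed for this demo.

```python
import sqlite3
from typing import Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample database: one users table with a single admin account.
    Table and column names are assumptions for this demo, not the products' schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pw_hash TEXT, is_admin INTEGER)"
    )
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'sha256-of-alice-pw', 1)")
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, login: str) -> Optional[Tuple]:
    """The defect class: the request argument is spliced into the statement text,
    so quotes and keywords in it become SQL syntax and rewrite the WHERE clause."""
    sql = f"SELECT id, login, is_admin FROM users WHERE login = '{login}'"
    return conn.execute(sql).fetchone()


def find_user_fixed(conn: sqlite3.Connection, login: str) -> Optional[Tuple]:
    """Parameter binding: the value travels to the engine separately from the
    statement text, so the same payload is compared as a literal string."""
    return conn.execute(
        "SELECT id, login, is_admin FROM users WHERE login = ?", (login,)
    ).fetchone()


def parse_id(raw: str) -> Optional[int]:
    """For numeric arguments such as cg_id: coerce to int before use so that a
    value like '1 OR 1=1' is rejected at the edge and never reaches the database.
    Returns None for anything that is not a plain decimal integer."""
    return int(raw) if raw.isdigit() else None


# Constructed attack value: closes the quoted literal and appends an always-true
# condition, which turns a login lookup into "return the first row".
PAYLOAD = "' OR '1'='1"


def demo() -> Tuple[Optional[Tuple], Optional[Tuple]]:
    """Run both lookups with the same payload and return (vulnerable, fixed) results."""
    conn = make_db()
    hijacked = find_user_vulnerable(conn, PAYLOAD)  # alice's row: authentication bypass
    safe = find_user_fixed(conn, PAYLOAD)           # None: no user is literally named "' OR '1'='1"
    return hijacked, safe
```

demo() shows the bypass directly: the concatenated query returns alice's row for a login value that is nothing but an injected OR clause, while the bound query returns nothing. For integer arguments such as cg_id, binding alone is enough, but parse_id shows the cheaper habit of rejecting non-numeric input before it is used at all.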
CVE-2022-38372 | 1 Fortinet | 1 Fortitester | 2022-11-03 | N/A | 6.7 MEDIUM |
A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. | |||||
CVE-2022-39234 | 1 Glpi-project | 1 Glpi | 2022-11-03 | N/A | 8.8 HIGH |
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. A deleted or deactivated user could continue to use their account for as long as their existing session cookie remained valid; deleting or deactivating the account did not end sessions that were already open. This issue has been patched; upgrade to version 10.0.4. There are currently no known workarounds. | |||||
CVE-2022-38434 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-11-03 | N/A | 7.8 HIGH |
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-34258 | 2 Adobe, Magento | 2 Commerce, Magento | 2022-11-03 | N/A | 4.8 MEDIUM |
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2021-45448 | 1 Hitachi | 1 Vantara Pentaho | 2022-11-03 | N/A | 6.5 MEDIUM |
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin expose a service endpoint for templates that accepts a user-supplied path and uses it to access resources outside the intended directory (path traversal, CWE-22). The software builds a pathname from external input that is meant to identify a file or directory beneath a restricted parent directory, but it does not neutralize special elements in that input, so the pathname can resolve to a location outside the restricted directory. Using elements such as ".." and "/" separators, an attacker can escape the restricted location and access files or directories elsewhere on the system. | |||||
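The Pentaho entry is the textbook CWE-22 pattern. Below is an added example of the containment check a template endpoint needs, written for this page rather than taken from Pentaho: the base directory, the template names and the expected outcomes are constructed, and the input is assumed to have been URL-decoded exactly once by the web framework before it reaches this function.

```python
from pathlib import Path
from typing import Dict, Optional


def resolve_template(base_dir: str, user_path: str) -> Optional[str]:
    """Map a user-supplied template name onto a file under base_dir, or return
    None if the request escapes that directory.

    The decision is made on the fully resolved path rather than by scanning the
    input for '..': that also catches absolute paths (which replace the base when
    joined), '..' hidden behind redundant separators and '.', and symlinks inside
    base_dir that point elsewhere. Input is assumed to be URL-decoded once already;
    decoding again after this check would reopen the hole."""
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)   # raises ValueError when candidate is outside base
    except ValueError:
        return None
    if candidate == base:             # the directory itself is not a template
        return None
    return str(candidate)


def is_safe_template_path(base_dir: str, user_path: str) -> bool:
    """Convenience wrapper for a plain allow/deny decision."""
    return resolve_template(base_dir, user_path) is not None


# Assumed template directory and constructed requests with their expected verdicts.
BASE = "/srv/analyzer/templates"
REQUESTS: Dict[str, bool] = {
    "reports/q3.tmpl": True,                   # ordinary relative name
    "./reports/../reports/a.tmpl": True,       # '..' that stays inside base is fine
    "../../../etc/passwd": False,              # classic escape
    "reports/../../../../etc/passwd": False,   # escape after a legitimate prefix
    "/etc/passwd": False,                      # absolute path replaces base on join
    "%2e%2e/%2e%2e/etc/passwd": True,          # not decoded: a literal dir named "%2e%2e", a harmless lookup
    "": False,                                 # empty name resolves to base itself
}


def check_all() -> Dict[str, bool]:
    """Evaluate every constructed request against BASE."""
    return {req: is_safe_template_path(BASE, req) for req in REQUESTS}
```

The "%2e%2e" row is the one to read carefully: it passes only because the check sees the still-encoded string as an ordinary directory name. Validate after the single decode the framework performs, and never decode again afterwards.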
CVE-2022-39381 | 2 Muhammarajs Project, Pdfhummus | 2 Muhammarajs, Hummusjs | 2022-11-03 | N/A | 5.5 MEDIUM |
Muhammara is a Node module with C/C++ bindings for modifying PDFs from JavaScript in Node or Electron (based on, and a replacement for, galkahana/hummusjs). The package muhammara before 2.6.0 and all versions of the package hummus are vulnerable to denial of service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in muhammara 2.6.0 and is not patched in hummus. As a workaround, do not process files from untrusted sources. | |||||
CVE-2022-34257 | 2 Adobe, Magento | 2 Commerce, Magento | 2022-11-03 | N/A | 6.1 MEDIUM |
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2022-44622 | 1 Jetbrains | 1 Teamcity | 2022-11-03 | N/A | 5.3 MEDIUM |
In JetBrains TeamCity versions between 2021.2 and 2022.10, access permissions for secure token health items were excessive. | |||||
CVE-2022-3776 | 1 Oracle | 1 Restaurant Menu - Food Ordering System - Table Reservation | 2022-11-03 | N/A | 8.8 HIGH |
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions, such as forms_action, set_option and chosen_options, among others. This makes it possible for unauthenticated attackers to perform a variety of administrative actions, such as modifying forms, via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. | |||||
CVE-2022-2696 | 1 Oracle | 1 Restaurant Menu - Food Ordering System - Table Reservation | 2022-11-03 | N/A | 6.5 MEDIUM |
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including, 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions, such as modifying the plugin's settings and the ordering system preferences. | |||||
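The two plugin entries above are missing two different checks: a nonce that ties the AJAX request to a page the site served to that user for that action (the CSRF case, CVE-2022-3776) and a capability check on the acting user (the authorization case, CVE-2022-2696). In WordPress these are wp_verify_nonce() or check_ajax_referer() and current_user_can(). The Python below is an added model of the same two checks in a small AJAX dispatcher, not the plugin's code; the secret, the tick length, the capability table and the set_option handler are assumptions made for the demo.

```python
import hashlib
import hmac
import time
from typing import Callable, Dict, Optional, Set, Tuple

# Assumptions for this demo: a per-site secret (WordPress derives nonces from the
# site's salts) and a 12-hour tick, giving each nonce a 12 to 24 hour lifetime.
SECRET = b"constructed-demo-secret"
TICK = 12 * 60 * 60


def make_nonce(action: str, user_id: int, now: Optional[float] = None) -> str:
    """HMAC over (time tick, action, user): the token is bound to one action and
    one user, so a nonce leaked from page A cannot be replayed against action B."""
    t = time.time() if now is None else now
    msg = f"{int(t // TICK)}|{action}|{user_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


def verify_nonce(nonce: str, action: str, user_id: int, now: Optional[float] = None) -> bool:
    """Accept the current tick and the previous one (so a token does not expire
    mid-form) and compare in constant time."""
    t = time.time() if now is None else now
    return any(
        hmac.compare_digest(nonce, make_nonce(action, user_id, t - back))
        for back in (0, TICK)
    )


# Constructed capability table: user 1 is an administrator, user 2 a subscriber,
# user 0 stands for the unauthenticated visitor.
CAPS: Dict[int, Set[str]] = {1: {"manage_options", "edit_forms"}, 2: set(), 0: set()}

SETTINGS: Dict[str, str] = {}


def set_option(params: Dict[str, str]) -> str:
    """Hypothetical handler standing in for the plugin's set_option AJAX action."""
    SETTINGS[params["name"]] = params["value"]
    return "saved"


# action name -> (required capability, handler)
HANDLERS: Dict[str, Tuple[str, Callable[[Dict[str, str]], str]]] = {
    "set_option": ("manage_options", set_option),
}


def dispatch_unchecked(action: str, params: Dict[str, str], user_id: int, nonce: str) -> str:
    """The defect class in both plugin entries: the AJAX hook runs the handler for
    whoever reaches it. user_id and nonce are accepted and ignored, so a forged
    cross-site request and a low-privilege account get the same result as an admin."""
    _, handler = HANDLERS[action]
    return handler(params)


def dispatch_checked(action: str, params: Dict[str, str], user_id: int, nonce: str,
                     now: Optional[float] = None) -> str:
    """Hardened: the nonce proves the request came from a page the site served to
    this user for this action (CSRF defence); the capability check proves the user
    may perform it (authorization). Both are needed; neither replaces the other."""
    if action not in HANDLERS:
        return "unknown action"
    cap, handler = HANDLERS[action]
    if not verify_nonce(nonce, action, user_id, now):
        return "bad nonce"
    if cap not in CAPS.get(user_id, set()):
        return "forbidden"
    return handler(params)


def demo(now: float = 1_700_000_000.0) -> Dict[str, str]:
    """Constructed requests against set_option at a fixed timestamp."""
    params = {"name": "orders_email", "value": "attacker@example.com"}
    admin_nonce = make_nonce("set_option", 1, now)
    subscriber_nonce = make_nonce("set_option", 2, now)
    return {
        # unauthenticated forged request carrying no nonce (the missing-nonce case)
        "csrf_unchecked": dispatch_unchecked("set_option", params, 0, ""),
        "csrf_checked": dispatch_checked("set_option", params, 0, "", now),
        # logged-in subscriber with a genuine nonce but no capability (the missing-capability case)
        "lowpriv_checked": dispatch_checked("set_option", params, 2, subscriber_nonce, now),
        # administrator with a genuine nonce: the legitimate path
        "admin_checked": dispatch_checked("set_option", params, 1, admin_nonce, now),
    }
```

The subscriber case is the one the second entry is about: a valid nonce is not an authorization decision, it only says the request was not forged cross-site. Without the capability line, any logged-in account can change the setting with a nonce the site happily issued to it.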
CVE-2022-40293 | 1 Phppointofsale | 1 Php Point Of Sale | 2022-11-03 | N/A | 9.8 CRITICAL |
PHP Point of Sale was vulnerable to session fixation, which could be used to hijack accounts. | |||||
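The GLPI entry (a cookie that outlives the account) and the PHP Point of Sale entry (session fixation) are two failures of the same session-handling contract: a session id must be issued fresh at authentication, and every request must re-check that the account behind it still exists and is active. The following added example models both with a toy in-memory session store; it is illustrative code for this page, not from either product, and the users, passwords and session-id format are constructed.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class User:
    name: str
    password: str            # plaintext only because this is a constructed demo
    active: bool = True


@dataclass
class SessionStore:
    users: Dict[str, User]
    # session id -> username; None marks an anonymous (pre-login) session
    sessions: Dict[str, Optional[str]] = field(default_factory=dict)

    def new_session(self) -> str:
        """Anonymous session, as handed out on first contact with the site."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login_fixated(self, sid: str, name: str, password: str) -> bool:
        """Vulnerable pattern: authenticate the session id the client already has.
        If an attacker planted that id in the victim's browser beforehand, the
        attacker now holds an authenticated session for the victim's account."""
        user = self.users.get(name)
        if sid in self.sessions and user is not None and user.password == password:
            self.sessions[sid] = name
            return True
        return False

    def login_regenerating(self, sid: str, name: str, password: str) -> Optional[str]:
        """Hardened pattern: on success, drop the pre-auth id and issue a fresh one.
        Whatever id the attacker planted never becomes authenticated."""
        user = self.users.get(name)
        if user is None or user.password != password:
            return None
        self.sessions.pop(sid, None)
        fresh = secrets.token_urlsafe(32)
        self.sessions[fresh] = name
        return fresh

    def user_from_cookie_only(self, sid: str) -> Optional[str]:
        """Vulnerable pattern: trust the cookie for as long as it lives. A user
        deleted or deactivated after login keeps working until the session expires."""
        return self.sessions.get(sid)

    def current_user(self, sid: str) -> Optional[User]:
        """Per-request check: the session must exist and the account behind it must
        still exist and be active; otherwise the session is revoked on the spot."""
        name = self.sessions.get(sid)
        if name is None:
            return None
        user = self.users.get(name)
        if user is None or not user.active:
            self.sessions.pop(sid, None)
            return None
        return user


def fixation_demo() -> Tuple[bool, bool, bool]:
    """Returns (attacker wins with fixated login, attacker wins with regenerating
    login, victim still logged in after regeneration)."""
    store = SessionStore(users={"victim": User("victim", "pw")})
    planted = store.new_session()                  # attacker obtains an id and plants it in the victim's browser
    store.login_fixated(planted, "victim", "pw")   # victim logs in carrying the planted id
    attacker_wins_fixated = store.current_user(planted) is not None

    store = SessionStore(users={"victim": User("victim", "pw")})
    planted = store.new_session()
    fresh = store.login_regenerating(planted, "victim", "pw")
    attacker_wins_regen = store.current_user(planted) is not None
    victim_ok = fresh is not None and store.current_user(fresh) is not None
    return attacker_wins_fixated, attacker_wins_regen, victim_ok


def deactivation_demo() -> Tuple[bool, bool, bool]:
    """Returns (cookie-only check still accepts, status check still accepts,
    session revoked afterwards) once the account is deactivated mid-session."""
    store = SessionStore(users={"bob": User("bob", "pw")})
    sid = store.login_regenerating(store.new_session(), "bob", "pw")
    store.users["bob"].active = False            # an administrator deactivates the account
    cookie_only = store.user_from_cookie_only(sid) is not None
    status_checked = store.current_user(sid) is not None
    revoked = sid not in store.sessions
    return cookie_only, status_checked, revoked
```

Deleting the user record outright (`del store.users["bob"]`) takes the same path through current_user as deactivation, which is the GLPI case; the cookie-only lookup would keep answering "bob" either way.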
CVE-2022-43255 | 1 Gpac | 1 Gpac | 2022-11-03 | N/A | 5.5 MEDIUM |
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c. | |||||
CVE-2022-43254 | 1 Gpac | 1 Gpac | 2022-11-03 | N/A | 5.5 MEDIUM |
GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c. | |||||
CVE-2022-44586 | 1 Am-hili Project | 1 Am-hili | 2022-11-03 | N/A | 4.8 MEDIUM |
Authenticated (admin+) stored Cross-Site Scripting (XSS) vulnerability in the Ayoub Media AM-HiLi plugin <= 1.0 for WordPress. |