Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-14362 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, Xorg-server | 2022-11-03 | 4.6 MEDIUM | 7.8 HIGH |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An integer underflow leading to a heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2020-14361 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, Xorg-server | 2022-11-03 | 4.6 MEDIUM | 7.8 HIGH |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An integer underflow leading to a heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2022-44623 | 1 Jetbrains | 1 Teamcity | 2022-11-03 | N/A | 7.5 HIGH |
In JetBrains TeamCity versions before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings. | |||||
CVE-2022-38339 | 1 Safe | 1 Fme Server | 2022-11-03 | N/A | 6.1 MEDIUM |
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page. | |||||
CVE-2022-38341 | 1 Safe | 1 Fme Server | 2022-11-03 | N/A | 7.1 HIGH |
Safe Software FME Server v2021.2.5 and below does not employ server-side validation. | |||||
CVE-2022-38340 | 1 Safe | 1 Fme Server | 2022-11-03 | N/A | 7.2 HIGH |
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload. | |||||
CVE-2020-22819 | 1 Mkcms Project | 1 Mkcms | 2022-11-03 | N/A | 9.8 CRITICAL |
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. | |||||
CVE-2022-44624 | 1 Jetbrains | 1 Teamcity | 2022-11-03 | N/A | 7.5 HIGH |
In JetBrains TeamCity versions before 2022.10, password parameters could be exposed in the build log if they contained special characters. | |||||
CVE-2020-22820 | 1 Mkcms Project | 1 Mkcms | 2022-11-03 | N/A | 9.8 CRITICAL |
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter. | |||||
CVE-2021-28876 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2022-11-03 | 4.3 MEDIUM | 5.3 MEDIUM |
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | |||||
CVE-2021-28875 | 1 Rust-lang | 1 Rust | 2022-11-03 | 5.0 MEDIUM | 7.5 HIGH |
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. | |||||
CVE-2021-22235 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2022-11-03 | 5.0 MEDIUM | 7.5 HIGH |
Crash in the DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or a crafted capture file. | |||||
CVE-2021-28878 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2022-11-03 | 4.3 MEDIUM | 7.5 HIGH |
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | |||||
CVE-2019-25013 | 5 Broadcom, Debian, Fedoraproject and 2 more | 10 Fabric Operating System, Debian Linux, Fedora and 7 more | 2022-11-03 | 7.1 HIGH | 5.9 MEDIUM |
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. | |||||
CVE-2021-28877 | 1 Rust-lang | 1 Rust | 2022-11-03 | 5.0 MEDIUM | 7.5 HIGH |
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | |||||
CVE-2021-31162 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2022-11-03 | 7.5 HIGH | 9.8 CRITICAL |
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. | |||||
CVE-2021-28879 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2022-11-03 | 7.5 HIGH | 9.8 CRITICAL |
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. | |||||
CVE-2020-22818 | 1 Mkcms Project | 1 Mkcms | 2022-11-03 | N/A | 9.8 CRITICAL |
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. | |||||
CVE-2022-39376 | 1 Glpi-project | 1 Glpi | 2022-11-03 | N/A | 6.5 MEDIUM |
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to inject custom fields values in `mailto` links. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. | |||||
CVE-2022-39375 | 1 Glpi-project | 1 Glpi | 2022-11-03 | N/A | 5.4 MEDIUM |
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds. |