Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2013-3900 | 1 Microsoft | 13 Windows 10, Windows 11, Windows 7 and 10 more | 2022-11-02 | 7.6 HIGH | N/A | The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
CVE-2019-17060 | 1 Nxp | 9 Kw31z, Kw34, Kw35 and 6 more | 2022-11-02 | 6.1 MEDIUM | 6.5 MEDIUM | The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame.
CVE-2019-17519 | 1 Nxp | 9 Kw31z, Kw34, Kw35 and 6 more | 2022-11-02 | 5.8 MEDIUM | 8.8 HIGH | The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet.
CVE-2022-3804 | 1 Eolink | 1 Apinto-dashboard | 2022-11-02 | N/A | 6.1 MEDIUM | A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212640.
CVE-2022-3803 | 1 Eolink | 1 Apinto-dashboard | 2022-11-02 | N/A | 6.1 MEDIUM | A vulnerability was found in eolinker apinto-dashboard and classified as problematic. This issue affects some unknown processing of the file /api/discoveries/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212639.
CVE-2022-3802 | 1 Ibax | 1 Go-ibax | 2022-11-02 | N/A | 8.8 HIGH | A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212638 is the identifier assigned to this vulnerability.
CVE-2022-3801 | 1 Ibax | 1 Go-ibax | 2022-11-02 | N/A | 8.8 HIGH | A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability.
CVE-2022-3798 | 1 Ibax | 1 Go-ibax | 2022-11-02 | N/A | 8.8 HIGH | A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212634 is the identifier assigned to this vulnerability.
CVE-2022-3799 | 1 Ibax | 1 Go-ibax | 2022-11-02 | N/A | 8.8 HIGH | A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212635.
CVE-2022-3800 | 1 Ibax | 1 Go-ibax | 2022-11-02 | N/A | 8.8 HIGH | A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636.
CVE-2022-43223 | 1 Open5gs | 1 Open5gs | 2022-11-02 | N/A | 7.5 HIGH | open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.
CVE-2022-43222 | 1 Open5gs | 1 Open5gs | 2022-11-02 | N/A | 7.5 HIGH | open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.
CVE-2022-43221 | 1 Open5gs | 1 Open5gs | 2022-11-02 | N/A | 7.5 HIGH | open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.
CVE-2021-27784 | 1 Hcltech | 1 Hcl Launch Container Image | 2022-11-02 | N/A | 7.5 HIGH | The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.
CVE-2022-40190 | 1 Sauter-controls | 1 Moduweb Firmware | 2022-11-02 | N/A | 9.6 CRITICAL | SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive information, including user credentials.
CVE-2022-41776 | 1 Deltaww | 1 Infrasuite Device Master | 2022-11-02 | N/A | 7.5 HIGH | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrative passwords.
CVE-2022-41772 | 1 Deltaww | 1 Infrasuite Device Master | 2022-11-02 | N/A | 9.8 CRITICAL | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution.
CVE-2022-41688 | 1 Deltaww | 1 Infrasuite Device Master | 2022-11-02 | N/A | 7.5 HIGH | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group.
CVE-2022-41657 | 1 Deltaww | 1 Infrasuite Device Master | 2022-11-02 | N/A | 9.8 CRITICAL | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution.
CVE-2022-41779 | 1 Deltaww | 1 Infrasuite Device Master | 2022-11-02 | N/A | 9.8 CRITICAL | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, leading to remote code execution.