Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43330 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-01 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. | |||||
CVE-2022-43329 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-01 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | |||||
CVE-2022-43328 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-01 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. | |||||
CVE-2022-43331 | 1 Canteen Management System Project | 1 Canteen Management System | 2022-11-01 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php. | |||||
CVE-2022-43076 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2022-11-01 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter. | |||||
CVE-2022-37426 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2022-11-01 | N/A | 7.5 HIGH |
Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. | |||||
CVE-2022-3228 | 1 Hosteng | 2 H0-ecom100, H0-ecom100 Firmware | 2022-11-01 | N/A | 6.5 MEDIUM |
Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Module Firmware versions v5.0.155 and prior. This may allow an attacker to crash the affected device or cause it to become unresponsive. | |||||
CVE-2022-41636 | 1 Haascnc | 1 Haas Controller | 2022-11-01 | N/A | 7.5 HIGH |
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. | |||||
CVE-2022-2826 | 1 Gitlab | 1 Gitlab | 2022-11-01 | N/A | 9.8 CRITICAL |
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO | |||||
CVE-2022-42923 | 1 Formalms | 1 Formalms | 2022-11-01 | N/A | 8.8 HIGH |
Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection. Exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete' function in order to dump the entire database or delete all contents from the 'core_user_file' table. | |||||
CVE-2022-41680 | 1 Formalms | 1 Formalms | 2022-11-01 | N/A | 6.5 MEDIUM |
Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection. Exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value]' parameter in the 'appLms/ajax.server.php?r=mycertificate/getMyCertificates' function in order to dump the entire database. | |||||
CVE-2022-41681 | 1 Formalms | 1 Formalms | 2022-11-01 | N/A | 8.8 HIGH |
There is a vulnerability in Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to escalate privileges in order to upload a Zip file through the SCORM importer feature. Exploitation of this vulnerability could lead to remote code injection. | |||||
CVE-2022-39016 | 1 M-files | 1 Hubshare | 2022-11-01 | N/A | 8.8 HIGH |
JavaScript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. | |||||
CVE-2022-41679 | 1 Formalms | 1 Formalms | 2022-11-01 | N/A | 6.1 MEDIUM |
Forma LMS version 3.1.0 and earlier are affected by a cross-site scripting vulnerability that could allow a remote attacker to inject JavaScript code on the “back_url” parameter in the appLms/index.php?modname=faq&op=play function. Exploitation of this vulnerability could allow an attacker to steal the user's cookies in order to log in to the application. | |||||
CVE-2022-39017 | 1 M-files | 1 Hubshare | 2022-11-01 | N/A | 5.4 MEDIUM |
Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. | |||||
CVE-2022-39018 | 1 M-files | 1 Hubshare | 2022-11-01 | N/A | 7.5 HIGH |
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. | |||||
CVE-2022-39019 | 1 M-files | 1 Hubshare | 2022-11-01 | N/A | 7.5 HIGH |
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | |||||
CVE-2022-28763 | 1 Zoom | 3 Meetings, Rooms For Conference Rooms, Virtual Desktop Infrastructure | 2022-11-01 | N/A | 9.6 CRITICAL |
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. | |||||
CVE-2022-39020 | 1 Schoolbox | 1 Schoolbox | 2022-11-01 | N/A | 6.1 MEDIUM |
Multiple instances of XSS (stored and reflected) were found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting. | |||||
CVE-2022-25885 | 1 Muhammara Project | 1 Muhammara | 2022-11-01 | N/A | 7.5 HIGH |
The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data. |