Total: 210374 CVE
CVE | Vendors (count and names) | Products (count and names) | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-39026 | 1 Edetw | 1 U-office Force | 2022-10-31 | N/A | 5.4 MEDIUM | The U-Office Force UserDefault page has insufficient filtering of special characters in HTTP header fields. A remote attacker with general user privileges can exploit this to inject JavaScript and perform a stored cross-site scripting (XSS) attack. |
CVE-2022-39025 | 1 Edetw | 1 U-office Force | 2022-10-31 | N/A | 6.1 MEDIUM | The U-Office Force PrintMessage function has insufficient filtering of special characters. An unauthenticated remote attacker can exploit this to inject JavaScript and perform a reflected cross-site scripting (XSS) attack. |
CVE-2022-39024 | 1 Edetw | 1 U-office Force | 2022-10-31 | N/A | 6.1 MEDIUM | The U-Office Force Bulletin function has insufficient filtering of special characters. An unauthenticated remote attacker can exploit this to inject JavaScript and perform a reflected cross-site scripting (XSS) attack. |
CVE-2022-39023 | 1 Edetw | 1 U-office Force | 2022-10-31 | N/A | 6.5 MEDIUM | The U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privileges can exploit this to download arbitrary system files. |
CVE-2022-39022 | 1 Edetw | 1 U-office Force | 2022-10-31 | N/A | 6.5 MEDIUM | The U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privileges can exploit this to download arbitrary system files. |
CVE-2022-40352 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2022-10-31 | N/A | 7.2 HIGH | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php. |
CVE-2022-39021 | 1 Edetw | 1 U-office Force | 2022-10-31 | N/A | 6.1 MEDIUM | The U-Office Force login function has an open redirect vulnerability. An unauthenticated remote attacker can exploit this to redirect users to an arbitrary website. |
CVE-2022-23990 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2022-10-31 | 5.0 MEDIUM | 7.5 HIGH | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. |
CVE-2022-20811 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2022-10-31 | N/A | 7.2 HIGH | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of the Cisco advisory. |
CVE-2022-20933 | 1 Cisco | 46 Meraki Mx100, Meraki Mx100 Firmware, Meraki Mx105 and 43 more | 2022-10-31 | N/A | 8.6 HIGH | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: when the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability. |
CVE-2022-20822 | 1 Cisco | 1 Identity Services Engine | 2022-10-31 | N/A | 8.1 HIGH | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability. |
CVE-2022-20953 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2022-10-31 | N/A | 5.5 MEDIUM | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of the Cisco advisory. |
CVE-2022-39329 | 1 Nextcloud | 2 Nextcloud Enterprise Server, Nextcloud Server | 2022-10-31 | N/A | 5.3 MEDIUM | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contain patches for this issue. No known workarounds are available. |
CVE-2022-43401 | 1 Jenkins | 1 Script Security | 2022-10-31 | N/A | 9.9 CRITICAL | A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. |
CVE-2022-20955 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2022-10-31 | N/A | 7.1 HIGH | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of the Cisco advisory. |
CVE-2022-20954 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2022-10-31 | N/A | 7.1 HIGH | Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of the Cisco advisory. |
CVE-2021-36898 | 1 Expresstech | 1 Quiz And Survey Master | 2022-10-31 | N/A | 7.2 HIGH | Authenticated SQL injection (SQLi) vulnerability in the Quiz And Survey Master plugin <= 7.3.4 on WordPress. |
CVE-2021-36864 | 1 Expresstech | 1 Quiz And Survey Master | 2022-10-31 | N/A | 5.4 MEDIUM | Authenticated (editor role or higher) reflected cross-site scripting (XSS) vulnerability in the ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. |
CVE-2022-3733 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2022-10-31 | N/A | 8.8 HIGH | A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System, affecting an unknown part of the file Admin/edit-admin.php. Manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The associated VulDB identifier is VDB-212415. |
CVE-2022-3322 | 1 Cloudflare | 1 Warp Mobile Client | 2022-10-31 | N/A | 7.5 HIGH | Lock WARP switch is a feature of the Cloudflare Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling the WARP client. Due to insufficient policy verification by the WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action. |
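The CVE-2022-39023 and CVE-2022-39022 entries above describe the classic path traversal shape: a download function takes a file name from the request and serves whatever it resolves to. The following is an added, generic illustration of that class and of the check that closes it; it is not the vendor's code, and the download root, file names, symlink and requests are constructed for the example.

```python
"""Generic illustration of the path traversal class in the CVE-2022-39023 /
CVE-2022-39022 entries (a download endpoint that takes a file name from the
request). Not the vendor's code: the download root, file names and requests
are constructed for this example."""
import os
import tempfile
from typing import Dict, Optional
from urllib.parse import unquote


def unsafe_resolve(root: str, requested: str) -> str:
    """Vulnerable pattern: the request parameter is joined onto the download
    root as-is, so '../' walks out of it and an absolute path replaces it."""
    return os.path.join(root, requested)


def safe_resolve(root: str, requested: str) -> Optional[str]:
    """Hardened pattern: decode, reject NUL, normalise separators, resolve
    symlinks, and require the result to stay inside the real download root.
    Returns the absolute path of an existing regular file, or None."""
    name = unquote(requested)                   # judge '..%2F..' after decoding
    if "\x00" in name:                           # NUL truncates paths in C-level APIs
        return None
    name = name.replace("\\", "/").lstrip("/")   # '\' as separator; drop absolute-path prefix
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, name))  # collapses '..' and symlinks
    # commonpath rather than startswith, so '/srv/dl2' is not accepted under '/srv/dl'
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo() -> Dict[str, bool]:
    """Build a constructed download root (one public file plus a symlink that
    points outside it) and report which requests the hardened resolver serves."""
    root = tempfile.mkdtemp(prefix="dl_root_")
    with open(os.path.join(root, "report.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4 constructed sample")
    try:
        # Constructed symlink inside the root pointing at its parent directory.
        os.symlink(os.path.dirname(root), os.path.join(root, "escape"))
    except OSError:
        pass  # no symlink support here; that case then reduces to a missing file
    requests = [
        "report.pdf",                    # legitimate
        "../../../etc/passwd",           # classic traversal
        "..%2F..%2F..%2Fetc%2Fpasswd",   # percent-encoded traversal
        "/etc/passwd",                   # absolute path
        "escape/anything",               # traversal through a symlink inside the root
        "report.pdf\x00.txt",            # NUL-byte truncation attempt
    ]
    return {req: safe_resolve(root, req) is not None for req in requests}


if __name__ == "__main__":
    print(unsafe_resolve("/srv/downloads", "../../etc/passwd"))  # escapes the root
    for req, served in demo().items():
        print(f"{req!r:34} -> {'served' if served else 'refused'}")
```

The realpath-then-commonpath check is the part that matters: a prefix test on the normalised string alone misses symlinks planted inside the root and the sibling-directory trick, and a filter that only strips `../` misses encoded and backslash variants.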
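The CVE-2022-39021 entry above is an open redirect in a login function: the post-login destination comes from the caller and is not checked. The following is an added, generic validator for a `next`-style parameter with the inputs it must refuse; it is not the vendor's code, and the application host and the sample values are constructed.

```python
"""Generic illustration of the open redirect class in the CVE-2022-39021 entry
(a login function that sends the user to a caller-supplied URL). Not the
vendor's code: the application host and the 'next' values are constructed."""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"intranet.example"}   # assumed: hosts this application may redirect to
FALLBACK = "/"                         # assumed: safe landing page when 'next' is refused


def is_safe_redirect(target: str, allowed_hosts=frozenset(ALLOWED_HOSTS)) -> bool:
    """Accept only same-site absolute paths or https URLs to an allow-listed host."""
    if not target:
        return False
    # Browsers strip tabs/newlines and treat '\' as '/', so '/\tevil.example' and
    # '/\evil.example' both load as '//evil.example'; CR/LF would also allow header
    # injection into the Location response. Reject all of these before parsing.
    if any(ord(ch) < 0x20 or ch == "\\" for ch in target):
        return False
    if target.startswith("/"):
        # '//host' is protocol-relative, and browsers collapse '///host' to the same
        # thing; anything else starting with a single '/' stays on this site.
        return not target.startswith("//")
    parts = urlsplit(target)
    # Absolute URLs: https only, and the host must match exactly. hostname drops
    # userinfo and port, so 'https://intranet.example@evil.example' yields
    # 'evil.example' and is refused; 'https:///evil.example' has no host at all.
    # Bare relative names ('dashboard') have no scheme and are refused as ambiguous.
    if parts.scheme != "https" or not parts.hostname:
        return False
    return parts.hostname in allowed_hosts


def redirect_after_login(next_param: str) -> str:
    """Location header value a login handler should emit for ?next=<value>."""
    return next_param if is_safe_redirect(next_param) else FALLBACK


if __name__ == "__main__":
    for value in ["/dashboard", "//evil.example/", "///evil.example/", "/\\evil.example",
                  "javascript:alert(1)", "https://intranet.example@evil.example/",
                  "https://intranet.example/home", "https://intranet.example.evil.example/"]:
        print(f"{value!r:45} -> {redirect_after_login(value)!r}")
```

Exact host matching is deliberate: a suffix or substring test lets `intranet.example.evil.example` through, and accepting whatever the URL parser reports as "relative" lets through forms that browsers, which follow different parsing rules, treat as absolute.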
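Three entries above (CVE-2022-40352, CVE-2021-36898 and CVE-2022-3733) are SQL injection through an `id` request parameter. The following is an added, generic illustration of that shape, showing what a spliced parameter lets an attacker do and the typed, parameterised lookup that fixes it. It is not code from any of those projects: the schema, rows and attacker inputs are constructed, and SQLite stands in for the projects' database.

```python
"""Generic illustration of the SQL injection class in the CVE-2022-40352,
CVE-2021-36898 and CVE-2022-3733 entries (an integer 'id' request parameter
spliced into a query). Not code from those projects: schema, rows and attacker
inputs are constructed, and SQLite stands in for the real database."""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample database: a low-privilege lookup table and an admin table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE traveller (id INTEGER PRIMARY KEY, name TEXT, passport TEXT)")
    conn.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO traveller VALUES (?, ?, ?)",
                     [(1, "Ada", "P-0001"), (2, "Grace", "P-0002"), (3, "Linus", "P-0003")])
    conn.execute("INSERT INTO admin VALUES (1, 'root', '$2y$10$constructedhash')")
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, raw_id: str) -> List[Tuple]:
    """Vulnerable pattern: the request parameter becomes part of the SQL text,
    the shape a handler has when it interpolates a GET parameter directly."""
    sql = f"SELECT id, name, passport FROM traveller WHERE id = {raw_id}"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn: sqlite3.Connection, raw_id: str) -> List[Tuple]:
    """Fixed pattern: enforce the expected type, then bind the value as a
    parameter so it reaches the engine as data and cannot alter the statement."""
    try:
        traveller_id = int(raw_id)
    except ValueError:
        return []                       # reject rather than coerce silently
    sql = "SELECT id, name, passport FROM traveller WHERE id = ?"
    return conn.execute(sql, (traveller_id,)).fetchall()


# Constructed attacker inputs for the 'id' parameter.
TAUTOLOGY = "1 OR 1=1"                                              # returns every row
UNION = "0 UNION SELECT id, username, password_hash FROM admin"     # reads another table


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology:", lookup_vulnerable(db, TAUTOLOGY))
    print("vulnerable, union:    ", lookup_vulnerable(db, UNION))
    print("fixed, tautology:     ", lookup_fixed(db, TAUTOLOGY))
    print("fixed, id=2:          ", lookup_fixed(db, "2"))
```

The type check matters as much as the placeholder: binding `"1 OR 1=1"` as a string parameter is already safe, but coercing to `int` first rejects the input at the boundary instead of running a query that silently matches nothing. The same two inputs against an `UPDATE ... WHERE id = ...` built the vulnerable way would rewrite every row or another table, which is why the entries above score as they do.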