Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45707 | 1 Nix Project | 1 Nix | 2022-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups. | |||||
| CVE-2022-3666 | 1 Axiosys | 1 Bento4 | 2022-10-28 | N/A | 7.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-43776 | 1 Metabase | 1 Metabase | 2022-10-28 | N/A | 6.5 MEDIUM |
| The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects. | |||||
| CVE-2022-37202 | 1 Jflyfox | 1 Jfinal Cms | 2022-10-28 | N/A | 8.8 HIGH |
| JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list | |||||
| CVE-2021-21897 | 3 Debian, Fedoraproject, Ribbonsoft | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2022-10-28 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-3674 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-10-28 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability. | |||||
| CVE-2022-3673 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-10-28 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the file /php-sms/classes/Master.php. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212016. | |||||
| CVE-2021-45475 | 1 Yordam | 1 Library Automation System | 2022-10-28 | N/A | 7.5 HIGH |
| Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. | |||||
| CVE-2022-3672 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-10-28 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Sanitization Management System 1.0. This issue affects some unknown processing of the file /php-sms/classes/SystemSettings.php. The manipulation of the argument name/shortname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212015. | |||||
| CVE-2022-43766 | 1 Apache | 1 Iotdb | 2022-10-28 | N/A | 7.5 HIGH |
| Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it. | |||||
| CVE-2022-42468 | 1 Apache | 1 Flume | 2022-10-28 | N/A | 9.8 CRITICAL |
| Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | |||||
| CVE-2022-40238 | 1 Cert | 1 Vince | 2022-10-28 | N/A | 8.8 HIGH |
| A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed. | |||||
| CVE-2022-39944 | 1 Apache | 1 Linkis | 2022-10-28 | N/A | 8.8 HIGH |
| In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.2.0 will be affected, We recommend users to update to 1.3.0. | |||||
| CVE-2022-20959 | 1 Cisco | 1 Identity Services Engine | 2022-10-28 | N/A | 5.4 MEDIUM |
| A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2020-26217 | 5 Apache, Debian, Netapp and 2 more | 15 Activemq, Debian Linux, Snapmanager and 12 more | 2022-10-28 | 9.3 HIGH | 8.8 HIGH |
| XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. | |||||
| CVE-2020-2922 | 4 Canonical, Mariadb, Netapp and 1 more | 7 Ubuntu Linux, Mariadb, Active Iq Unified Manager and 4 more | 2022-10-28 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2022-43749 | 1 Synology | 1 Presto File Server | 2022-10-28 | N/A | 8.8 HIGH |
| Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. | |||||
| CVE-2022-43748 | 1 Synology | 1 Presto File Server | 2022-10-28 | N/A | 7.5 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors. | |||||
| CVE-2021-45476 | 1 Yordam | 1 Library Automation System | 2022-10-28 | N/A | 6.1 MEDIUM |
| Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. | |||||
| CVE-2021-34589 | 1 Bender | 9 Cc612, Cc612 Firmware, Cc613 and 6 more | 2022-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. | |||||