Vulnerabilities (CVE)

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3669 1 Axiosys 1 Bento4 2022-10-28 N/A 5.5 MEDIUM
A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to a memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability.
CVE-2022-3668 1 Axiosys 1 Bento4 2022-10-28 N/A 5.5 MEDIUM
A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to a memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008.
CVE-2022-30550 2 Debian, Dovecot 2 Debian Linux, Dovecot 2022-10-28 N/A 8.8 HIGH
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.
CVE-2022-3665 1 Axiosys 1 Bento4 2022-10-28 N/A 7.8 HIGH
A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to a heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability.
CVE-2022-28366 3 Antisamy Project, Cyberneko Html Project, Htmlunit Project 3 Antisamy, Cyberneko Html, Htmlunit 2022-10-28 5.0 MEDIUM 7.5 HIGH
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.
CVE-2022-43003 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.
CVE-2022-43002 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.
CVE-2022-43001 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.
CVE-2022-43000 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.
CVE-2022-30885 1 Esa 1 Pyesasky 2022-10-28 7.5 HIGH 9.8 CRITICAL
The pyesasky package for Python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.
CVE-2022-42999 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 7.5 HIGH
D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.
CVE-2022-42998 1 Dlink 2 Dir-816, Dir-816 Firmware 2022-10-28 N/A 9.8 CRITICAL
D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.
CVE-2021-20077 1 Tenable 1 Nessus Agent 2022-10-28 7.2 HIGH 6.7 MEDIUM
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
CVE-2022-25192 1 Jenkins 1 Snow Commander 2022-10-28 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2021-0981 1 Google 1 Android 2022-10-28 4.6 MEDIUM 7.8 HIGH
In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-191981182
CVE-2021-38374 1 Open-xchange 1 Ox App Suite 2022-10-28 3.5 LOW 5.4 MEDIUM
OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.
CVE-2022-33879 1 Apache 1 Tika 2022-10-28 2.6 LOW 3.3 LOW
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
CVE-2021-41524 4 Apache, Fedoraproject, Netapp and 1 more 4 Http Server, Fedora, Cloud Backup and 1 more 2022-10-28 5.0 MEDIUM 7.5 HIGH
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.
CVE-2021-25738 1 Kubernetes 1 Java 2022-10-28 4.6 MEDIUM 6.7 MEDIUM
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.
CVE-2021-28700 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2022-10-28 6.8 MEDIUM 4.9 MEDIUM
xen/arm: No memory limit for dom0less domUs. The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for them is not set. This allows a domain to allocate memory beyond what an administrator originally configured.