Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0518 | 1 Google | 1 Android | 2022-10-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-176541017 | |||||
| CVE-2022-37042 | 1 Zimbra | 1 Collaboration | 2022-10-28 | N/A | 9.8 CRITICAL |
| Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925. | |||||
| CVE-2021-34798 | 8 Apache, Broadcom, Debian and 5 more | 18 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 15 more | 2022-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||||
| CVE-2020-18151 | 1 Thinkcmf | 1 Thinkcmf | 2022-10-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | |||||
| CVE-2021-24653 | 1 Cookie-bar Project | 1 Cookie-bar | 2022-10-28 | 3.5 LOW | 4.8 MEDIUM |
| The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-39272 | 2 Fedoraproject, Fetchmail | 2 Fedora, Fetchmail | 2022-10-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. | |||||
| CVE-2022-31262 | 1 Gog | 1 Galaxy | 2022-10-28 | N/A | 7.8 HIGH |
| An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM. | |||||
| CVE-2021-36386 | 2 Fedoraproject, Fetchmail | 2 Fedora, Fetchmail | 2022-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. | |||||
| CVE-2022-33068 | 2 Fedoraproject, Harfbuzz Project | 2 Fedora, Harfbuzz | 2022-10-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | |||||
| CVE-2022-21233 | 1 Intel | 668 Atom C3308, Atom C3308 Firmware, Atom C3336 and 665 more | 2022-10-28 | N/A | 5.5 MEDIUM |
| Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2021-33477 | 6 Debian, Eterm Project, Fedoraproject and 3 more | 6 Debian Linux, Eterm, Fedora and 3 more | 2022-10-28 | 6.5 MEDIUM | 8.8 HIGH |
| rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. | |||||
| CVE-2021-45931 | 2 Fedoraproject, Harfbuzz Project | 2 Fedora, Harfbuzz | 2022-10-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). | |||||
| CVE-2022-37452 | 2 Debian, Exim | 2 Debian Linux, Exim | 2022-10-28 | N/A | 9.8 CRITICAL |
| Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | |||||
| CVE-2022-38189 | 1 Esri | 1 Portal For Arcgis | 2022-10-28 | N/A | 5.4 MEDIUM |
| A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | |||||
| CVE-2022-27664 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2022-10-28 | N/A | 7.5 HIGH |
| In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. | |||||
| CVE-2020-8479 | 1 Abb | 3 800xa System, Compact Hmi, Control Builder Safe | 2022-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5. an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling. | |||||
| CVE-2020-8476 | 1 Abb | 3 800xa System, Compact Hmi, Control Builder Safe | 2022-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service. | |||||
| CVE-2020-8475 | 1 Abb | 3 800xa System, Compact Hmi, Control Builder Safe | 2022-10-27 | 2.1 LOW | 7.5 HIGH |
| For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service. | |||||
| CVE-2022-43775 | 1 Deltaww | 1 Diaenergie | 2022-10-27 | N/A | 9.8 CRITICAL |
| The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||
| CVE-2022-43774 | 1 Deltaww | 1 Diaenergie | 2022-10-27 | N/A | 9.8 CRITICAL |
| The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. | |||||