Total: 490 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36874 | 1 Samsung | 1 Galaxy Watch Plugin | 2022-09-21 | N/A | 6.2 MEDIUM |
Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number. | |||||
CVE-2020-5403 | 1 Pivotal | 1 Reactor Netty | 2022-09-20 | 5.0 MEDIUM | 7.5 HIGH |
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. | |||||
CVE-2022-3175 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-15 | N/A | 5.3 MEDIUM |
Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2. | |||||
CVE-2022-20066 | 2 Google, Mediatek | 21 Android, Mt6580, Mt6739 and 18 more | 2022-09-09 | 2.1 LOW | 4.4 MEDIUM |
In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729. | |||||
CVE-2022-31152 | 1 Matrix | 1 Synapse | 2022-09-09 | N/A | 7.5 HIGH |
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround. | |||||
CVE-2022-34368 | 1 Dell | 1 Emc Networker | 2022-09-07 | N/A | 6.5 MEDIUM |
Dell EMC NetWorker 19.2.1.x, 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. An authenticated non-admin user could exploit this vulnerability and gain access to restricted resources. | |||||
CVE-2022-36031 | 1 Monospace | 1 Directus | 2022-08-24 | N/A | 6.5 MEDIUM |
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`. | |||||
CVE-2022-36923 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2022-08-16 | N/A | 7.5 HIGH |
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. | |||||
CVE-2021-39187 | 1 Parseplatform | 1 Parse-server | 2022-08-05 | 5.0 MEDIUM | 7.5 HIGH |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist. | |||||
CVE-2022-22202 | 1 Juniper | 7 Junos, Ptx1000, Ptx10002-60c and 4 more | 2022-07-27 | N/A | 6.5 MEDIUM |
An Improper Handling of Exceptional Conditions vulnerability on specific PTX Series devices, including the PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series, in Juniper Networks Junos OS allows an unauthenticated MPLS-based attacker to cause a Denial of Service (DoS) by triggering the dcpfe process to crash and FPC to restart. On affected PTX Series devices, processing specific MPLS packets received on an interface with multiple units configured may cause FPC to restart unexpectedly. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects PTX Series devices utilizing specific FPCs found on PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series devices, only if multiple units are configured on the ingress interface, and at least one unit has 'family mpls' *not* configured. See the configuration sample below for more information. No other platforms are affected by this vulnerability. This issue affects: Juniper Networks Junos OS on PTX Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. | |||||
CVE-2022-34639 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application. | |||||
CVE-2022-34643 | 1 Riscv | 1 Spike Risc-v Isa Simulator | 2022-07-26 | N/A | 5.5 MEDIUM |
RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priority when accessing memory. | |||||
CVE-2022-34637 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an illegal virtual address is loaded. | |||||
CVE-2022-34633 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted sfence.vma instructions rather than creating an exception. | |||||
CVE-2022-34634 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather than creating an exception. | |||||
CVE-2022-34636 | 1 Openhwgroup | 1 Cva6 | 2022-07-26 | N/A | 5.5 MEDIUM |
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implement the incorrect exception type when a PMA violation occurs during address translation. | |||||
CVE-2021-3127 | 1 Nats | 2 Jwt Library, Nats Server | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled. | |||||
CVE-2021-36128 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented. | |||||
CVE-2021-38384 | 1 Serverless Offline Project | 1 Serverless Offline | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions). | |||||
CVE-2020-7693 | 1 Sockjs Project | 1 Sockjs | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
Incorrect handling of Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. |