Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33172 | 1 Bund | 1 De.fac2 | 2022-08-29 | N/A | 5.5 MEDIUM |
| de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC. | |||||
| CVE-2022-37953 | 1 Ge | 1 Workstationst | 2022-08-29 | N/A | 6.1 MEDIUM |
| An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | |||||
| CVE-2022-37151 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2022-08-27 | N/A | 7.5 HIGH |
| There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. | |||||
| CVE-2022-33932 | 1 Dell | 1 Emc Powerscale Onefs | 2022-08-24 | N/A | 5.3 MEDIUM |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services. | |||||
| CVE-2022-2600 | 1 Auto-hyperlink Urls Project | 1 Auto-hyperlink Urls | 2022-08-23 | N/A | 5.4 MEDIUM |
| The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object. | |||||
| CVE-2022-35909 | 1 Jellyfin | 1 Jellyfin | 2022-08-19 | N/A | 8.8 HIGH |
| In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. | |||||
| CVE-2022-33990 | 1 Dproxy-nexgen Project | 1 Dproxy-nexgen | 2022-08-18 | N/A | 7.5 HIGH |
| Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form. | |||||
| CVE-2022-1665 | 1 Redhat | 1 Enterprise Linux | 2022-08-18 | 4.6 MEDIUM | 8.2 HIGH |
| A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code. | |||||
| CVE-1999-0892 | 1 Netscape | 1 Communicator | 2022-08-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. | |||||
| CVE-2022-2390 | 1 Google | 1 Google Play Services Software Development Kit | 2022-08-17 | N/A | 8.4 HIGH |
| Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain the access to all non-exported providers and/or gain the access to other providers the victim has permissions. We recommend upgrading to version 18.0.2 of the Play Service SDK as well as rebuilding and redeploying apps. | |||||
| CVE-2000-0067 | 1 Cybercash | 1 Merchant Connection Kit | 2022-08-17 | 2.1 LOW | N/A |
| CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack. | |||||
| CVE-1999-0560 | 1 Microsoft | 1 Windows Nt | 2022-08-17 | 10.0 HIGH | N/A |
| A system-critical Windows NT file or directory has inappropriate permissions. | |||||
| CVE-1999-0529 | 2022-08-17 | 7.5 HIGH | N/A | ||
| A router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc. | |||||
| CVE-1999-0900 | 1 Linux-nis | 1 Rpc.yppasswdd | 2022-08-17 | 7.2 HIGH | N/A |
| Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation. | |||||
| CVE-1999-0220 | 2022-08-17 | 10.0 HIGH | N/A | ||
| Attackers can do a denial of service of IRC by crashing the server. | |||||
| CVE-1999-0195 | 2 Linux, Sgi | 2 Linux Kernel, Irix | 2022-08-17 | 5.0 MEDIUM | N/A |
| Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1. | |||||
| CVE-1999-0589 | 2022-08-17 | 10.0 HIGH | N/A | ||
| A system-critical Windows NT registry key has inappropriate permissions. | |||||
| CVE-1999-0663 | 2022-08-17 | 10.0 HIGH | N/A | ||
| A system-critical program, library, or file has a checksum or other integrity measurement that indicates that it has been modified. | |||||
| CVE-2000-0109 | 1 Comstock | 1 Multicsp | 2022-08-17 | 10.0 HIGH | N/A |
| The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords. | |||||
| CVE-1999-0537 | 2 Microsoft, Netscape | 2 Internet Explorer, Communicator | 2022-08-17 | 7.5 HIGH | N/A |
| A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. | |||||