Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-36611 TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 7.8 | HIGH | — | 0 |
| CVE-2022-36612 TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 7.8 | HIGH | — | 0 |
| CVE-2022-36613 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 7.8 | HIGH | — | 0 |
| CVE-2022-36614 TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 7.8 | HIGH | — | 0 |
| CVE-2022-36615 TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 7.8 | HIGH | — | 0 |
| CVE-2022-36616 TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 7.8 | HIGH | — | 0 |
| CVE-2022-38510 Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. | 7.8 | HIGH | — | 0 |
| CVE-2022-38511 TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. | 7.8 | HIGH | — | 0 |
| CVE-2022-34668 NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-40326 Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and displa... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-41780 Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 7.8 | HIGH | — | 0 |
| CVE-2021-41781 Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 7.8 | HIGH | — | 0 |
| CVE-2022-36194 Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-41782 Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 7.8 | HIGH | — | 0 |
| CVE-2021-41783 Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 7.8 | HIGH | — | 0 |
| CVE-2021-41784 Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 7.8 | HIGH | — | 0 |
| CVE-2021-41785 Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 7.8 | HIGH | — | 0 |
| CVE-2022-21165 All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-20439 In Messaging, There has unauthorized provider, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242266172 | 5.5 | MEDIUM | — | 0 |
| CVE-2022-25641 Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-25644 All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25921 All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. | 8.1 | HIGH | — | 0 |
| CVE-2022-22897 A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfil... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32548 An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab f... | 10.0 | CRITICAL | — | 0 |
| CVE-2022-36689 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. | 8.8 | HIGH | — | 0 |
| CVE-2022-3019 The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't coun... | 8.8 | HIGH | — | 0 |
| CVE-2022-37059 Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field | 4.8 | MEDIUM | — | 0 |
| CVE-2022-35014 Advancecomp v2.3 contains a segmentation fault. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-35015 Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-35016 Advancecomp v2.3 was discovered to contain a heap buffer overflow. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-35017 Advancecomp v2.3 was discovered to contain a heap buffer overflow. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-35018 Advancecomp v2.3 was discovered to contain a segmentation fault. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-35019 Advancecomp v2.3 was discovered to contain a segmentation fault. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-35020 Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-36686 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. | 8.8 | HIGH | — | 0 |
| CVE-2022-36687 Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-36688 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. | 8.8 | HIGH | — | 0 |
| CVE-2022-36690 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. | 8.8 | HIGH | — | 0 |
| CVE-2022-0284 A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image F... | 7.1 | HIGH | — | 0 |
| CVE-2022-0336 The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypas... | 8.8 | HIGH | — | 0 |
| CVE-2022-0358 A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories sha... | 7.8 | HIGH | — | 0 |
| CVE-2022-0400 An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. | 7.5 | HIGH | — | 0 |
| CVE-2022-0480 A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interf... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0485 A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as ... | 4.8 | MEDIUM | — | 0 |
| CVE-2022-0496 A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import(). | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0497 A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. | 7.1 | HIGH | — | 0 |
| CVE-2022-0669 A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages tha... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-0718 A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quo... | 4.9 | MEDIUM | — | 0 |
| CVE-2022-0812 An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-0850 A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. | 7.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.