VYPR

CVEs

82,359 total · page 698 of 1,648

  • CVE-2022-39828HigSep 5, 2022
    risk 0.49cvss 7.5epss 0.01

    sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.

  • CVE-2022-39824HigSep 5, 2022
    risk 0.58cvss 8.9epss 0.01

    Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak.

  • CVE-2022-3118HigSep 4, 2022
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The…

  • CVE-2022-3099HigSep 3, 2022
    risk 0.00cvss 7.8epss 0.00

    Use After Free in GitHub repository vim/vim prior to 9.0.0360.

  • CVE-2022-36754HigSep 2, 2022
    risk 0.47cvss 7.2epss 0.01

    Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p.

  • CVE-2020-29260HigSep 2, 2022
    risk 0.00cvss 7.5epss 0.01

    libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().

  • CVE-2022-31176HigSep 2, 2022
    risk 0.00cvss 8.3epss 0.01

    Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to…

  • CVE-2022-31196HigSep 2, 2022
    risk 0.00cvss 7.6epss 0.01

    Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200`…

  • CVE-2022-3065HigSep 2, 2022
    risk 0.00cvss 7.5epss 0.01

    Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.

  • CVE-2022-36071HigSep 2, 2022
    risk 0.54cvss 8.3epss 0.00

    SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost,…

  • CVE-2022-34382HigSep 2, 2022
    risk 0.51cvss 7.8epss 0.00

    Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.

  • CVE-2022-34371HigSep 2, 2022
    risk 0.53cvss 8.1epss 0.01

    Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system…

  • CVE-2022-34369HigSep 2, 2022
    risk 0.53cvss 8.1epss 0.01

    Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this…

  • CVE-2022-36078HigSep 2, 2022
    risk 0.50cvss 8.8epss 0.01

    Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program.…

  • CVE-2022-36076HigSep 2, 2022
    risk 0.50cvss 8.8epss 0.00

    NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was…

  • CVE-2022-37458HigSep 2, 2022
    risk 0.47cvss 7.2epss 0.01

    Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.

  • CVE-2022-25680HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto

  • CVE-2022-25668HigSep 2, 2022
    risk 0.47cvss 7.3epss 0.00

    Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

  • CVE-2022-25659HigSep 2, 2022
    risk 0.47cvss 7.3epss 0.00

    Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

  • CVE-2022-25658HigSep 2, 2022
    risk 0.47cvss 7.3epss 0.00

    Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2022-25657HigSep 2, 2022
    risk 0.47cvss 7.3epss 0.00

    Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

  • CVE-2022-22106HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto

  • CVE-2022-22104HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto

  • CVE-2022-22102HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto

  • CVE-2022-22100HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto

  • CVE-2022-22099HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto

  • CVE-2022-22098HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto

  • CVE-2022-22097HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT

  • CVE-2022-22080HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

  • CVE-2022-22070HigSep 2, 2022
    risk 0.51cvss 7.8epss 0.00

    Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

  • CVE-2022-22069HigSep 2, 2022
    risk 0.50cvss 7.7epss 0.00

    Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

  • CVE-2022-22067HigSep 2, 2022
    risk 0.49cvss 7.5epss 0.00

    Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

  • CVE-2022-22062HigSep 2, 2022
    risk 0.53cvss 8.2epss 0.00

    An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,…

  • CVE-2022-22061HigSep 2, 2022
    risk 0.51cvss 7.8epss 0.00

    Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

  • CVE-2022-22059HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

  • CVE-2021-35134HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

  • CVE-2021-35132HigSep 2, 2022
    risk 0.55cvss 8.4epss 0.00

    Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

  • CVE-2021-35113HigSep 2, 2022
    risk 0.47cvss 7.3epss 0.00

    Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

  • CVE-2021-35097HigSep 2, 2022
    risk 0.47cvss 7.3epss 0.00

    Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice…

  • CVE-2022-29158HigSep 2, 2022
    risk 0.49cvss 7.5epss 0.02

    Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

  • CVE-2022-25813HigSep 2, 2022
    risk 0.54cvss 7.5epss 0.67

    In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party…

  • CVE-2022-39189HigSep 2, 2022
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.

  • CVE-2022-36636HigSep 2, 2022
    risk 0.57cvss 8.8epss 0.01

    Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.

  • CVE-2022-39177HigSep 2, 2022
    risk 0.50cvss 8.8epss 0.01

    BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

  • CVE-2022-39176HigSep 2, 2022
    risk 0.50cvss 8.8epss 0.01

    BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

  • CVE-2022-39170HigSep 2, 2022
    risk 0.00cvss 8.8epss 0.01

    libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.

  • CVE-2021-25657HigSep 2, 2022
    risk 0.51cvss 7.8epss 0.00

    A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.

  • CVE-2022-36622HigSep 1, 2022
    risk 0.49cvss 7.5epss 0.01

    Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.

  • CVE-2022-36621HigSep 1, 2022
    risk 0.49cvss 7.5epss 0.01

    Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.

  • CVE-2022-36604HigSep 1, 2022
    risk 0.49cvss 7.5epss 0.01

    An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request.