cve.circl.lu
2a00:5980:93::128  Public Scan

URL: https://cve.circl.lu/
Submission: On October 18 via manual from US — Scanned from DE

Form analysis: 2 forms found in the DOM

GET

<form id="tfnewsearch" method="get" class="input-group navbar-form" onsubmit="redirect(); return false;">
  <input type="text" class="form-control input-sm" id="search" placeholder="Search CVE">
  <span class="input-group-btn">
    <input type="submit" class="btn btn-default input-sm" value="search">
  </span>
</form>

POST /r/0

<form method="POST" action="/r/0" id="filter" class="nav form-search">
  <table class="searchTable">
    <tbody>
      <tr>
        <td class="text">Time</td>
        <td colspan="5">
          <select onchange="timeSelectDisable()" name="timeSelect" id="timeSelect">
            <option value="all">All</option>
            <option value="from">From</option>
            <option value="until">Until</option>
            <option value="between">Between</option>
            <option value="outside">Not During</option>
          </select>
          <input type="date" placeholder="Start date" name="startDate" id="startDate" readonly="" title="Date in dd/mm/yyyy or dd/mm/yy format, using / or -"
            pattern="^(?:(?:31(-|\/)(?:0?[13578]|1[02]))\1|(?:(?:29|30)(-|\/)(?:0?[1,3-9]|1[0-2])\2))(?:(?:1[6-9]|[2-9]\d)?\d{2})$|^(?:29(-|\/)0?2\3(?:(?:(?:1[6-9]|[2-9]\d)?(?:0[48]|[2468][048]|[13579][26])|(?:(?:16|[2468][048]|[3579][26])00))))$|^(?:0?[1-9]|1\d|2[0-8])(-|\/)(?:(?:0?[1-9])|(?:1[0-2]))\4(?:(?:1[6-9]|[2-9]\d)?\d{2})$">
          <input type="date" placeholder="End date" name="endDate" id="endDate" readonly="" title="Date in dd/mm/yyyy or dd/mm/yy format, using / or -"
            pattern="^(?:(?:31(-|\/)(?:0?[13578]|1[02]))\1|(?:(?:29|30)(-|\/)(?:0?[1,3-9]|1[0-2])\2))(?:(?:1[6-9]|[2-9]\d)?\d{2})$|^(?:29(-|\/)0?2\3(?:(?:(?:1[6-9]|[2-9]\d)?(?:0[48]|[2468][048]|[13579][26])|(?:(?:16|[2468][048]|[3579][26])00))))$|^(?:0?[1-9]|1\d|2[0-8])(-|\/)(?:(?:0?[1-9])|(?:1[0-2]))\4(?:(?:1[6-9]|[2-9]\d)?\d{2})$">
          <select name="timeTypeSelect" id="timeTypeSelect" readonly="">
            <option value="Modified">Last Major Update</option>
            <option value="Published">Published</option>
            <option value="last-modified">Last Update</option>
          </select>
        </td>
      </tr>
      <tr>
        <td class="text">CVSS</td>
        <td>
          <select name="cvssSelect" id="cvssSelect" onchange="cvssSelectDisable()">
            <option value="all">All</option>
            <option value="above">Above</option>
            <option value="equals">Equals</option>
            <option value="below">Below</option>
          </select>
          <input name="cvss" id="cvss" type="number" readonly="" min="0" max="10" step="0.5" value="0">
        </td>
        <td>Rejected</td>
        <td>
          <select name="rejectedSelect" id="rejectedSelect">
            <option value="hide">Hide</option>
            <option value="show">Show</option>
          </select>
        </td>
        <td></td>
        <td></td>
      </tr>
    </tbody>
  </table>
  <input type="submit" value="Search">
</form>

Text Content

| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2022-38998 | None | The HISP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. | 18-10-2022 - 15:48 | 14-10-2022 - 16:15 |
| CVE-2022-38986 | None | The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confiden | 18-10-2022 - 15:43 | 14-10-2022 - 16:15 |
| CVE-2022-38977 | None | The HwAirlink module has a heap overflow vulnerability. Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data. | 18-10-2022 - 15:39 | 14-10-2022 - 16:15 |
| CVE-2022-38985 | None | The facial recognition module has a vulnerability in input validation. Successful exploitation of this vulnerability may affect data confidentiality. | 18-10-2022 - 15:38 | 14-10-2022 - 16:15 |
| CVE-2022-35844 | None | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauth | 18-10-2022 - 15:15 | 18-10-2022 - 14:15 |
| CVE-2022-35846 | None | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin u | 18-10-2022 - 15:15 | 18-10-2022 - 14:15 |
| CVE-2022-29055 | None | A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through 2.0.9, 1.2.x allows a remote unauthenticated or authenti | 18-10-2022 - 15:15 | 18-10-2022 - 15:15 |
| CVE-2022-33872 | None | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticate | 18-10-2022 - 15:15 | 18-10-2022 - 15:15 |
| CVE-2022-33873 | None | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticat | 18-10-2022 - 15:15 | 18-10-2022 - 15:15 |
| CVE-2022-33874 | None | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated r | 18-10-2022 - 15:15 | 18-10-2022 - 15:15 |
| CVE-2022-41537 | None | Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 18-10-2022 - 15:15 | 18-10-2022 - 15:15 |
| CVE-2022-41540 | None | The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then | 18-10-2022 - 15:15 | 18-10-2022 - 15:15 |
| CVE-2022-41541 | None | TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user. | 18-10-2022 - 15:15 | 18-10-2022 - 15:15 |
| CVE-2022-41544 | None | GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. | 18-10-2022 - 15:15 | 18-10-2022 - 15:15 |
| CVE-2022-41547 | None | Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request. | 18-10-2022 - 15:15 | 18-10-2022 - 15:15 |
| CVE-2022-43259 | None | Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. | 18-10-2022 - 15:15 | 18-10-2022 - 15:15 |
| CVE-2022-43260 | None | Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function. | 18-10-2022 - 15:15 | 18-10-2022 - 15:15 |
| CVE-2022-34169 | None | The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The | 18-10-2022 - 15:15 | 19-07-2022 - 18:15 |
| CVE-2022-38984 | None | The HIPP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality. | 18-10-2022 - 15:04 | 14-10-2022 - 16:15 |
| CVE-2022-26788 | 4.6 | PowerShell Elevation of Privilege Vulnerability. | 18-10-2022 - 15:00 | 15-04-2022 - 19:15 |
| CVE-2022-23267 | 5.0 | .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145. | 18-10-2022 - 14:59 | 10-05-2022 - 21:15 |
| CVE-2021-43896 | 4.3 | Microsoft PowerShell Spoofing Vulnerability | 18-10-2022 - 14:59 | 15-12-2021 - 15:15 |
| CVE-2017-8529 | 4.3 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do no | 18-10-2022 - 14:58 | 15-06-2017 - 01:29 |
| CVE-2020-0951 | 7.2 | A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. | 18-10-2022 - 14:58 | 11-09-2020 - 17:15 |
| CVE-2021-3672 | 6.8 | A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulner | 18-10-2022 - 14:57 | 23-11-2021 - 19:15 |
| CVE-2021-46839 | None | The HW_KEYMASTER module has a vulnerability of missing bounds check on length. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | 18-10-2022 - 14:50 | 14-10-2022 - 16:15 |
| CVE-2022-41578 | None | The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. | 18-10-2022 - 14:49 | 14-10-2022 - 16:15 |
| CVE-2022-41580 | None | The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | 18-10-2022 - 14:49 | 14-10-2022 - 16:15 |
| CVE-2020-15853 | None | supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time. | 18-10-2022 - 14:15 | 18-10-2022 - 14:15 |
| CVE-2022-40684 | None | An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 all | 18-10-2022 - 14:15 | 18-10-2022 - 14:15 |
| CVE-2022-41479 | None | The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerabilit | 18-10-2022 - 14:15 | 18-10-2022 - 14:15 |
| CVE-2022-41504 | None | An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 18-10-2022 - 14:15 | 18-10-2022 - 14:15 |
| CVE-2022-41674 | None | An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. | 18-10-2022 - 14:11 | 14-10-2022 - 00:15 |
| CVE-2022-39065 | None | A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadc | 18-10-2022 - 14:08 | 14-10-2022 - 16:15 |
| CVE-2022-42719 | None | A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. | 18-10-2022 - 14:06 | 13-10-2022 - 23:15 |
| CVE-2021-27406 | None | An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary | 18-10-2022 - 13:38 | 14-10-2022 - 17:15 |
| CVE-2022-38983 | None | The BT Hfp Client module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may result in arbitrary code execution. | 18-10-2022 - 13:21 | 14-10-2022 - 16:15 |
| CVE-2022-3587 | None | A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First | 18-10-2022 - 13:15 | 18-10-2022 - 13:15 |
| CVE-2022-42202 | None | TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). | 18-10-2022 - 13:15 | 18-10-2022 - 13:15 |
| CVE-2022-36438 | None | AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3 | 18-10-2022 - 12:52 | 18-10-2022 - 12:15 |
| CVE-2022-36439 | None | AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control | 18-10-2022 - 12:52 | 18-10-2022 - 12:15 |
| CVE-2022-2879 | None | Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum | 18-10-2022 - 12:48 | 14-10-2022 - 15:15 |
| CVE-2022-38981 | None | The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause information leakage. | 18-10-2022 - 12:32 | 14-10-2022 - 16:15 |
| CVE-2022-42156 | None | D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. | 18-10-2022 - 12:22 | 13-10-2022 - 19:15 |
| CVE-2022-42159 | None | D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. | 18-10-2022 - 12:21 | 13-10-2022 - 19:15 |
| CVE-2022-42160 | None | D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. | 18-10-2022 - 12:15 | 13-10-2022 - 19:15 |
| CVE-2022-32174 | None | In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. | 18-10-2022 - 12:15 | 11-10-2022 - 15:15 |
| CVE-2022-42161 | None | D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. | 18-10-2022 - 12:14 | 13-10-2022 - 19:15 |
| CVE-2022-22211 | None | A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS). Continuously polling the SNMP jnxCosQstatTable causes the FPC to run o | 18-10-2022 - 12:02 | 18-10-2022 - 03:15 |
| CVE-2022-22220 | None | A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS). When a BGP flow rout | 18-10-2022 - 12:02 | 18-10-2022 - 03:15 |
