Total
29603 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40807 | 1 Democritus Domains Project | 1 Democritus Domains | 2024-11-21 | 9.8 Critical |
| The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 | ||||
| CVE-2022-40806 | 1 Democritus Uuids Project | 1 Democritus Uuids | 2024-11-21 | 9.8 Critical |
| The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 | ||||
| CVE-2022-40805 | 1 Democritus Urls Project | 1 Democritus Urls | 2024-11-21 | 9.8 Critical |
| The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-hypothesis package. | ||||
| CVE-2022-40691 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-40430 | 1 D8s-utility Project | 1 D8s-utility | 2024-11-21 | 9.8 Critical |
| The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | ||||
| CVE-2022-40429 | 1 D8s-ip-addresses Project | 1 D8s-ip-addresses | 2024-11-21 | 9.8 Critical |
| The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | ||||
| CVE-2022-40428 | 1 D8s-mpeg Project | 1 D8s Mpeg | 2024-11-21 | 9.8 Critical |
| The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | ||||
| CVE-2022-40427 | 1 Democritus Domains Project | 1 Democritus Domains | 2024-11-21 | 9.8 Critical |
| The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0 | ||||
| CVE-2022-40426 | 1 D8s-asns Project | 1 D8s-asns | 2024-11-21 | 9.8 Critical |
| The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | ||||
| CVE-2022-40425 | 1 D8s-html Project | 1 D8s-html | 2024-11-21 | 9.8 Critical |
| The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | ||||
| CVE-2022-40424 | 1 Democritus Urls Project | 1 Democritus Urls | 2024-11-21 | 9.8 Critical |
| The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking package. The affected version of d8s-urls is 0.1.0 | ||||
| CVE-2022-40306 | 1 Ecisolutions | 1 Printanista Managed Print Service | 2024-11-21 | 5.9 Medium |
| The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) before 5.5.2 (July 2023) performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly. | ||||
| CVE-2022-3660 | 1 Google | 2 Android, Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-3585 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-3496 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability. | ||||
| CVE-2022-3443 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2022-3317 | 1 Google | 2 Android, Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2022-3316 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2022-3276 | 2 Puppet, Redhat | 2 Puppetlabs-mysql, Openstack | 2024-11-21 | 8.4 High |
| Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | ||||
| CVE-2022-3275 | 2 Fedoraproject, Puppet | 2 Fedora, Puppetlabs-mysql | 2024-11-21 | 8.4 High |
| Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | ||||