

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2022-41845 - An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h.
    Published: September 30, 2022; 1:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-41841 - An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.
    Published: September 30, 2022; 1:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-41847 - An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.
    Published: September 30, 2022; 1:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-41846 - An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.
    Published: September 30, 2022; 1:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-41842 - An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
    Published: September 30, 2022; 1:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-41843 - An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
    Published: September 30, 2022; 1:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-41844 - An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
    Published: September 30, 2022; 1:15:11 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-38732 - SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.
    Published: September 29, 2022; 11:15:09 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-39254 - matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room ke... read CVE-2022-39254
    Published: September 29, 2022; 11:15:10 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-39252 - matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the ... read CVE-2022-39252
    Published: September 29, 2022; 11:15:10 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-39168 - IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
    Published: September 29, 2022; 12:15:09 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-40931 - dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS).
    Published: September 29, 2022; 12:15:10 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2022-41828 - In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
    Published: September 29, 2022; 5:15:12 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-39173 - In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. ... read CVE-2022-39173
    Published: September 28, 2022; 9:15:11 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2014-0147 - Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorr... read CVE-2014-0147
    Published: September 28, 2022; 11:15:11 PM -0400

    V3.1: 6.2 MEDIUM

  • CVE-2022-40472 - ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text... read CVE-2022-40472
    Published: September 29, 2022; 4:15:14 PM -0400

    V3.1: 8.0 HIGH

  • CVE-2022-29503 - A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
    Published: September 29, 2022; 1:15:28 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-32170 - The “Bytebase” application does not restrict low privilege user to access admin “projects” for which an unauthorized user can view the “projects” created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.
    Published: September 28, 2022; 6:15:09 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2022-32169 - The “Bytebase” application does not restrict low privilege user to access “admin issues” for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
    Published: September 28, 2022; 6:15:09 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2022-23006 - A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can... read CVE-2022-23006
    Published: September 27, 2022; 7:15:12 PM -0400

    V3.1: 6.7 MEDIUM