Original release date: December 19, 2022
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
hp — futuresmart_5 | A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products. | 2022-12-12 | 9.8 | CVE-2021-3821 MISC |
google — android | In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239210579 | 2022-12-13 | 9.8 | CVE-2022-20472 MISC |
google — android | In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239267173 | 2022-12-13 | 9.8 | CVE-2022-20473 MISC |
cycle-import-check_project — cycle-import-check | The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization. | 2022-12-14 | 9.8 | CVE-2022-24377 CONFIRM CONFIRM |
citrix — application_delivery_controller_firmware | Unauthenticated remote arbitrary code execution | 2022-12-13 | 9.8 | CVE-2022-27518 MISC |
zephyrproject — zephyr | There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. | 2022-12-09 | 9.8 | CVE-2022-2993 MISC |
vmware — vrealize_network_insight | vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication. | 2022-12-14 | 9.8 | CVE-2022-31702 MISC |
arubanetworks — sd-wan | There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2022-12-12 | 9.8 | CVE-2022-37897 MISC |
hpe — officeconnect_1820_j9979a_firmware | A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22; | 2022-12-12 | 9.8 | CVE-2022-37932 MISC |
hcltechsw — hcl_commerce | HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. | 2022-12-12 | 9.8 | CVE-2022-38656 MISC |
boxystudio — cooked | The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. | 2022-12-12 | 9.8 | CVE-2022-3900 MISC |
wedevs — dokan | The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users | 2022-12-12 | 9.8 | CVE-2022-3915 MISC |
themographics — listingo | The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE | 2022-12-12 | 9.8 | CVE-2022-3921 MISC |
wpdevart — booking_calendar | The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE | 2022-12-12 | 9.8 | CVE-2022-3982 MISC |
daikinlatam — svmpc2 | Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system. | 2022-12-13 | 9.8 | CVE-2022-41653 MISC |
rxvt-unicode_project — rxvt-unicode | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user’s terminal and certain options are set. | 2022-12-09 | 9.8 | CVE-2022-4170 MISC MISC |
ikus-soft — rdiffweb | Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2. | 2022-12-12 | 9.8 | CVE-2022-4314 MISC CONFIRM |
siemens — sicam_pas | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | 2022-12-13 | 9.8 | CVE-2022-43724 CONFIRM |
mingsoft — mcms | A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196. | 2022-12-09 | 9.8 | CVE-2022-4375 MISC MISC |
nodau_project — nodau | A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252. | 2022-12-10 | 9.8 | CVE-2022-4399 MISC MISC MISC |
corebos — corebos | PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. | 2022-12-13 | 9.8 | CVE-2022-4446 MISC CONFIRM |
dlink — dir-3040_firmware | D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. | 2022-12-14 | 9.8 | CVE-2022-44832 MISC MISC |
scif — scifio | A vulnerability classified as critical was found in scifio. Affected by this vulnerability is the function downloadAndUnpackResource of the file src/test/java/io/scif/util/DefaultSampleFilesService.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is fcb0dbca0ec72b22fe0c9ddc8abc9cb188a0ff31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215803. | 2022-12-14 | 9.8 | CVE-2022-4493 N/A N/A |
mcp_mapping_viewer_project — mcp_mapping_viewer | A vulnerability, which was classified as critical, has been found in bspkrs MCPMappingViewer. Affected by this issue is the function extractZip of the file src/main/java/bspkrs/mmv/RemoteZipHandler.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The name of the patch is 6e602746c96b4756c271d080dae7d22ad804a1bd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215804. | 2022-12-14 | 9.8 | CVE-2022-4494 N/A N/A |
ip-com — ew9_firmware | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function. | 2022-12-13 | 9.8 | CVE-2022-45005 MISC |
call-cc — chicken | egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file. | 2022-12-10 | 9.8 | CVE-2022-45145 MISC MISC MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. | 2022-12-14 | 9.8 | CVE-2022-46071 MISC |
helmet_store_showroom_project — helmet_store_showroom | Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection. | 2022-12-14 | 9.8 | CVE-2022-46072 MISC |
codecentric — spring_boot_admin | Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint. | 2022-12-09 | 9.8 | CVE-2022-46166 MISC MISC |
github — enterprise_server | An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2022-12-14 | 9.8 | CVE-2022-46255 MISC |
siemens — 6gk5204-0ba00-2mb2_firmware | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions. | 2022-12-13 | 9.8 | CVE-2022-46353 CONFIRM |
apache — cxf | A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | 2022-12-13 | 9.8 | CVE-2022-46364 MISC |
python3-restfulapi_project — python3-restfulapi | Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | 2022-12-14 | 9.8 | CVE-2022-46609 MISC MISC MISC MISC |
jenkins — plot | Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2022-12-12 | 9.8 | CVE-2022-46682 MISC |
sqlite — sqlite | SQLite through 3.40.0, when relying on –safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. | 2022-12-12 | 9.8 | CVE-2022-46908 MISC MISC MISC |
vsphere_selfuse_project — vsphere_selfuse | vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | 2022-12-14 | 9.8 | CVE-2022-46996 MISC MISC MISC |
passhunt_project — passhunt | Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | 2022-12-14 | 9.8 | CVE-2022-46997 MISC MISC MISC |
microsoft — 365_apps | Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47212, CVE-2022-47213. | 2022-12-13 | 9.8 | CVE-2022-47211 MISC |
sap — netweaver_process_integration | An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) – version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to: * Read any information * Modify sensitive information * Denial of Service attacks (DoS) * SQL Injection | 2022-12-13 | 9.4 | CVE-2022-41271 MISC MISC |
kingspan — tms300_cs_firmware | Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver. | 2022-12-13 | 9.1 | CVE-2022-2757 MISC |
kbase_doc_project — kbase_doc | Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java. | 2022-12-09 | 9.1 | CVE-2022-45290 MISC |
fp_newsletter_project — fp_newsletter | An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people. | 2022-12-14 | 9.1 | CVE-2022-47408 MISC |
proxmox — virtual_environment | A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/. | 2022-12-14 | 9 | CVE-2022-31358 MISC MISC MISC MISC |
google — android | In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-232023771 | 2022-12-13 | 8.8 | CVE-2022-20411 MISC |
google — android | In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230867224 | 2022-12-13 | 8.8 | CVE-2022-20469 MISC |
cisco — ata_190_firmware | Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device. | 2022-12-12 | 8.8 | CVE-2022-20689 MISC |
cisco — ata_190_firmware | Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device. | 2022-12-12 | 8.8 | CVE-2022-20690 MISC |
cisco — ip_phone_7811_firmware | A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device. | 2022-12-12 | 8.8 | CVE-2022-20968 MISC |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. | 2022-12-14 | 8.8 | CVE-2022-23503 MISC |
cube — cube.js | cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to 0.31.24 or to downgrade to 0.31.22. There are no known workarounds for this vulnerability. | 2022-12-09 | 8.8 | CVE-2022-23510 MISC MISC MISC |
vmware — esxi | VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | 2022-12-13 | 8.8 | CVE-2022-31696 MISC |
averta — shortcodes_and_extra_features_for_phlox_theme | The Shortcodes and extra features for Phlox WordPress plugin through 2.10.5 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 2022-12-12 | 8.8 | CVE-2022-3359 MISC |
apache — atlas | A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0. | 2022-12-14 | 8.8 | CVE-2022-34271 MISC |
devolutions — remote_desktop_manager | Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account. | 2022-12-12 | 8.8 | CVE-2022-3641 MISC |
spip — spip | RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via a GET parameter | 2022-12-14 | 8.8 | CVE-2022-37155 MISC |
arubanetworks — arubaos | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2022-12-12 | 8.8 | CVE-2022-37898 MISC |
arubanetworks — arubaos | A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system. | 2022-12-12 | 8.8 | CVE-2022-37903 MISC |
arubanetworks — sd-wan | Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system. | 2022-12-12 | 8.8 | CVE-2022-37904 MISC |
arubanetworks — sd-wan | Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system. | 2022-12-12 | 8.8 | CVE-2022-37905 MISC |
arubanetworks — sd-wan | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2022-12-12 | 8.8 | CVE-2022-37912 MISC |
icegram — email_subscribers_&_newsletters | The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber | 2022-12-12 | 8.8 | CVE-2022-3981 MISC |
wut — com-server_++_firmware | Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. During an authenticated session to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP Get requests. This may result in a complete takeover of the device. | 2022-12-13 | 8.8 | CVE-2022-4098 MISC |
microsoft — .net | .NET Framework Remote Code Execution Vulnerability. | 2022-12-13 | 8.8 | CVE-2022-41089 MISC |
sap — basis | Due to the unrestricted scope of the RFC function module, SAP BASIS – versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation the attacker can have full control of the system to which the class belongs, causing a high impact on the integrity of the application. | 2022-12-13 | 8.8 | CVE-2022-41264 MISC MISC |
sap — business_objects_business_intelligence_platform | SAP Business Objects Platform – versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application. | 2022-12-13 | 8.8 | CVE-2022-41267 MISC MISC |
ibm — db2 | IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210. | 2022-12-12 | 8.8 | CVE-2022-41296 MISC MISC |
deltaww — dvw-w02w2-e2_firmware | Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. | 2022-12-14 | 8.8 | CVE-2022-42139 MISC |
arm — bifrost_gpu_kernel_driver | An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0. | 2022-12-12 | 8.8 | CVE-2022-42716 MISC |
arubanetworks — edgeconnect_enterprise | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 8.8 | CVE-2022-43542 MISC |
canteen_management_system_project — canteen_management_system | A vulnerability classified as critical was found in SourceCodester Canteen Management System. This vulnerability affects unknown code of the file ajax_represent.php. The manipulation of the argument customer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215272. | 2022-12-11 | 8.8 | CVE-2022-4403 MISC MISC |
mxsdoc_project — mxsdoc | A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-215278 is the identifier assigned to this vulnerability. | 2022-12-12 | 8.8 | CVE-2022-4416 N/A N/A |
google — chrome | Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-12-14 | 8.8 | CVE-2022-4436 MISC MISC |
google — chrome | Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-12-14 | 8.8 | CVE-2022-4437 MISC MISC |
google — chrome | Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2022-12-14 | 8.8 | CVE-2022-4438 MISC MISC |
google — chrome | Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) | 2022-12-14 | 8.8 | CVE-2022-4439 MISC MISC |
google — chrome | Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2022-12-14 | 8.8 | CVE-2022-4440 MISC MISC |
microsoft — sharepoint_foundation | Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44693. | 2022-12-13 | 8.8 | CVE-2022-44690 MISC |
microsoft — sharepoint_foundation | Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44690. | 2022-12-13 | 8.8 | CVE-2022-44693 MISC |
tenda — ax12_firmware | Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. | 2022-12-12 | 8.8 | CVE-2022-45043 MISC |
open-emr — openemr | Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2. | 2022-12-15 | 8.8 | CVE-2022-4506 CONFIRM MISC |
sens_project — sens | SENS v1.0 has a file upload vulnerability. | 2022-12-12 | 8.8 | CVE-2022-45759 MISC |
sens_project — sens | SENS v1.0 is vulnerable to Incorrect Access Control vulnerability. | 2022-12-12 | 8.8 | CVE-2022-45760 MISC |
alist_project — alist | Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). | 2022-12-12 | 8.8 | CVE-2022-45968 MISC |
tenda — ax12_firmware | Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function. | 2022-12-12 | 8.8 | CVE-2022-45977 MISC |
tenda — ax12_firmware | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet . | 2022-12-12 | 8.8 | CVE-2022-45980 MISC |
helmet_store_showroom_project — helmet_store_showroom | Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection. | 2022-12-14 | 8.8 | CVE-2022-46074 MISC |
akeneo — product_information_management | Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions aforementioned provides patched Apache HTTP server configuration file, for docker setup and in documentation sample, to fix this vulnerability. Community Edition users must change their Apache HTTP server configuration accordingly to be protected. The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October 2022. Users are advised to upgrade. Users unable to upgrade may Replace any reference to `<FilesMatch .php$>` in their apache httpd configurations with: `<Location “/index.php”>`. | 2022-12-09 | 8.8 | CVE-2022-46157 MISC MISC |
github — enterprise_server | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program. | 2022-12-14 | 8.8 | CVE-2022-46256 MISC MISC MISC MISC MISC |
bangresto_project — bangresto | mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter. | 2022-12-14 | 8.8 | CVE-2022-46443 MISC |
gnu — grub2 | A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. | 2022-12-14 | 8.6 | CVE-2022-2601 MISC |
sap — netweaver_process_integration | An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) – version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application. | 2022-12-13 | 8.6 | CVE-2022-41272 MISC MISC |
microsoft — windows_server_2008 | PowerShell Remote Code Execution Vulnerability. | 2022-12-13 | 8.5 | CVE-2022-41076 MISC |
microsoft — dynamics_nav | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability. | 2022-12-13 | 8.5 | CVE-2022-41127 MISC |
google — android | In several functions of inputDispatcher.cpp, there is a possible way to make toasts clickable due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-197296414 | 2022-12-13 | 8.4 | CVE-2022-20444 MISC |
tibco — jasperreports_server | The HTML escaping component of TIBCO Software Inc.’s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server – Community Edition, TIBCO JasperReports Server – Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server – Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server – Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0. | 2022-12-13 | 8.4 | CVE-2022-41562 CONFIRM CONFIRM |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. | 2022-12-13 | 8.3 | CVE-2022-44708 MISC |
metersphere — metersphere | MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + “/” + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1. | 2022-12-14 | 8.1 | CVE-2022-23512 MISC |
qualcomm — apq8009_firmware | Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-12-13 | 8.1 | CVE-2022-33268 CONFIRM |
arubanetworks — sd-wan | An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system. | 2022-12-12 | 8.1 | CVE-2022-37906 MISC |
dpdgroup — woocommerce_shipping | The WooCommerce Shipping WordPress plugin through 1.2.11 does not have authorisation and CRSF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. | 2022-12-12 | 8.1 | CVE-2022-3999 MISC |
microsoft — windows_server_2008 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44676. | 2022-12-13 | 8.1 | CVE-2022-44670 MISC |
microsoft — windows_server_2008 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44670. | 2022-12-13 | 8.1 | CVE-2022-44676 MISC |
siemens — mendix_email_connector | A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information. | 2022-12-13 | 8.1 | CVE-2022-45936 CONFIRM |
siemens — mendix_workflow_commons | A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. | 2022-12-13 | 8.1 | CVE-2022-46664 CONFIRM |
msi — wrapper | EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates. | 2022-12-13 | 7.8 | CVE-2021-32415 MISC MISC MISC |
google — android | In the user interface buttons of PermissionController, there is a possible way to bypass permissions dialogs due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-175190844 | 2022-12-13 | 7.8 | CVE-2021-39617 MISC |
google — android | In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-234013191 | 2022-12-13 | 7.8 | CVE-2022-20470 MISC |
google — android | In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294 | 2022-12-13 | 7.8 | CVE-2022-20474 MISC |
google — android | In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting=”true” due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-240663194 | 2022-12-13 | 7.8 | CVE-2022-20475 MISC |
google — android | In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241611867 | 2022-12-13 | 7.8 | CVE-2022-20477 MISC |
google — android | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764135 | 2022-12-13 | 7.8 | CVE-2022-20478 MISC |
google — android | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764340 | 2022-12-13 | 7.8 | CVE-2022-20479 MISC |
google — android | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764350 | 2022-12-13 | 7.8 | CVE-2022-20480 MISC |
google — android | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702851 | 2022-12-13 | 7.8 | CVE-2022-20484 MISC |
google — android | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242702935 | 2022-12-13 | 7.8 | CVE-2022-20485 MISC |
google — android | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703118 | 2022-12-13 | 7.8 | CVE-2022-20486 MISC |
google — android | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703202 | 2022-12-13 | 7.8 | CVE-2022-20487 MISC |
google — android | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217 | 2022-12-13 | 7.8 | CVE-2022-20488 MISC |
google — android | In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556 | 2022-12-13 | 7.8 | CVE-2022-20491 MISC |
google — android | In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243849844 | 2022-12-13 | 7.8 | CVE-2022-20495 MISC |
google — android | In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180 | 2022-12-13 | 7.8 | CVE-2022-20611 MISC |
qualcomm — apq8096au_firmware | Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-12-13 | 7.8 | CVE-2022-25677 CONFIRM |
qualcomm — aqt1000_firmware | Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-12-13 | 7.8 | CVE-2022-25681 CONFIRM |
qualcomm — apq8009_firmware | Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-12-13 | 7.8 | CVE-2022-25682 CONFIRM |
qualcomm — apq8009_firmware | Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-12-13 | 7.8 | CVE-2022-25695 CONFIRM |
qualcomm — sd_8_gen1_5g_firmware | Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables | 2022-12-13 | 7.8 | CVE-2022-25697 CONFIRM |
qualcomm — sd_8_gen1_5g_firmware | Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables | 2022-12-13 | 7.8 | CVE-2022-25698 CONFIRM |
qualcomm — aqt1000_firmware | Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-12-13 | 7.8 | CVE-2022-25711 CONFIRM |
qualcomm — aqt1000_firmware | Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-12-13 | 7.8 | CVE-2022-25712 CONFIRM |
microsoft — 365_apps | Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213. | 2022-12-13 | 7.8 | CVE-2022-26804 MISC |
microsoft — 365_apps | Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213. | 2022-12-13 | 7.8 | CVE-2022-26805 MISC |
microsoft — 365_apps | Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213. | 2022-12-13 | 7.8 | CVE-2022-26806 MISC |
secomea — gatemanager | A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7. | 2022-12-09 | 7.8 | CVE-2022-2752 MISC |
altair — hyperview_player | Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation. | 2022-12-13 | 7.8 | CVE-2022-2947 MISC |
altair — hyperview_player | Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption. | 2022-12-13 | 7.8 | CVE-2022-2949 MISC |
google — google_search | There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41 | 2022-12-13 | 7.8 | CVE-2022-29580 MISC |
wp_csv_exporter_project — wp_csv_exporter | The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability. | 2022-12-12 | 7.8 | CVE-2022-3605 MISC |
hp — support_assistant | HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up. | 2022-12-12 | 7.8 | CVE-2022-38395 MISC |
microsoft — windows_server_2008 | Windows Fax Compose Form Elevation of Privilege Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-41077 MISC |
microsoft — windows_server_2012 | Windows Hyper-V Elevation of Privilege Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-41094 MISC |
microsoft — windows_server_2008 | Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44671, CVE-2022-44680, CVE-2022-44697. | 2022-12-13 | 7.8 | CVE-2022-41121 MISC |
siemens — teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2022-12-13 | 7.8 | CVE-2022-41281 CONFIRM |
siemens — teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2022-12-13 | 7.8 | CVE-2022-41282 CONFIRM |
siemens — teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2022-12-13 | 7.8 | CVE-2022-41283 CONFIRM |
siemens — teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2022-12-13 | 7.8 | CVE-2022-41284 CONFIRM |
siemens — teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2022-12-13 | 7.8 | CVE-2022-41285 CONFIRM |
siemens — teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2022-12-13 | 7.8 | CVE-2022-41286 CONFIRM |
siemens — star-ccm+ | A vulnerability has been identified in Simcenter STAR-CCM+ (All versions). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges. | 2022-12-13 | 7.8 | CVE-2022-43517 CONFIRM |
siemens — sicam_pas | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | 2022-12-13 | 7.8 | CVE-2022-43722 CONFIRM |
radare — radare2 | Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0. | 2022-12-10 | 7.8 | CVE-2022-4398 MISC CONFIRM |
trendmicro — apex_one | An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-12-12 | 7.8 | CVE-2022-44649 MISC MISC |
trendmicro — apex_one | A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-12-12 | 7.8 | CVE-2022-44650 MISC MISC |
trendmicro — apex_one | An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-12-12 | 7.8 | CVE-2022-44652 MISC MISC |
trendmicro — apex_one | A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-12-12 | 7.8 | CVE-2022-44653 MISC MISC |
microsoft — windows_server_2008 | Windows Contacts Remote Code Execution Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-44666 MISC |
microsoft — windows_server_2008 | Windows Media Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44668. | 2022-12-13 | 7.8 | CVE-2022-44667 MISC |
microsoft — windows_server_2008 | Windows Media Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44667. | 2022-12-13 | 7.8 | CVE-2022-44668 MISC |
microsoft — windows_10 | Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44680, CVE-2022-44697. | 2022-12-13 | 7.8 | CVE-2022-44671 MISC |
microsoft — windows_server_2008 | Windows Bluetooth Driver Elevation of Privilege Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-44675 MISC |
microsoft — windows_server_2019 | Windows Projected File System Elevation of Privilege Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-44677 MISC |
microsoft — windows_server_2008 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44681. | 2022-12-13 | 7.8 | CVE-2022-44678 MISC |
microsoft — windows_server_2012 | Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44671, CVE-2022-44697. | 2022-12-13 | 7.8 | CVE-2022-44680 MISC |
microsoft — windows_server_2008 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44678. | 2022-12-13 | 7.8 | CVE-2022-44681 MISC |
microsoft — windows_server_2012 | Windows Kernel Elevation of Privilege Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-44683 MISC |
microsoft — raw_image_extension | Raw Image Extension Remote Code Execution Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-44687 MISC |
microsoft — windows_server_2019 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-44689 MISC |
microsoft — office | Microsoft Office OneNote Remote Code Execution Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-44691 MISC |
microsoft — office | Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213. | 2022-12-13 | 7.8 | CVE-2022-44692 MISC |
microsoft — 365_apps | Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44695, CVE-2022-44696. | 2022-12-13 | 7.8 | CVE-2022-44694 MISC |
microsoft — visio | Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44694, CVE-2022-44696. | 2022-12-13 | 7.8 | CVE-2022-44695 MISC |
microsoft — 365_apps | Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44694, CVE-2022-44695. | 2022-12-13 | 7.8 | CVE-2022-44696 MISC |
microsoft — windows_server_2008 | Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44671, CVE-2022-44680. | 2022-12-13 | 7.8 | CVE-2022-44697 MISC |
microsoft — terminal | Windows Terminal Remote Code Execution Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-44702 MISC |
microsoft — windows_sysmon | Microsoft Windows Sysmon Elevation of Privilege Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-44704 MISC |
microsoft — windows_11 | DirectX Graphics Kernel Elevation of Privilege Vulnerability. | 2022-12-13 | 7.8 | CVE-2022-44710 MISC |
asus — aura_sync | The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests. | 2022-12-14 | 7.8 | CVE-2022-44898 MISC MISC MISC |
quarkslab — binbloom | Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c. | 2022-12-14 | 7.8 | CVE-2022-44910 MISC |
siemens — parasolid | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19070) | 2022-12-13 | 7.8 | CVE-2022-46345 CONFIRM |
siemens — parasolid | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19071) | 2022-12-13 | 7.8 | CVE-2022-46346 CONFIRM |
siemens — parasolid | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19079) | 2022-12-13 | 7.8 | CVE-2022-46347 CONFIRM |
siemens — parasolid | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383) | 2022-12-13 | 7.8 | CVE-2022-46348 CONFIRM |
siemens — parasolid | A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19384) | 2022-12-13 | 7.8 | CVE-2022-46349 CONFIRM |
microsoft — 365_apps | Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47213. | 2022-12-13 | 7.8 | CVE-2022-47212 MISC |
microsoft — 365_apps | Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212. | 2022-12-13 | 7.8 | CVE-2022-47213 MISC |
siemens — simatic_s7-plcsim_advanced_firmware | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIPLUS TIM 1531 IRC (All versions), TIM 1531 IRC (All versions). Affected devices don’t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. | 2022-12-13 | 7.5 | CVE-2021-40365 CONFIRM |
siemens — simatic_s7-plcsim_advanced_firmware | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIPLUS TIM 1531 IRC (All versions), TIM 1531 IRC (All versions). Affected devices don’t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. | 2022-12-13 | 7.5 | CVE-2021-44693 CONFIRM |
siemens — simatic_s7-plcsim_advanced_firmware | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIPLUS TIM 1531 IRC (All versions), TIM 1531 IRC (All versions). Affected devices don’t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. | 2022-12-13 | 7.5 | CVE-2021-44694 CONFIRM |
siemens — simatic_s7-plcsim_advanced_firmware | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V3.0.1), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.6.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.0.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V5.0), SIPLUS TIM 1531 IRC (All versions), TIM 1531 IRC (All versions). Affected devices don’t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. | 2022-12-13 | 7.5 | CVE-2021-44695 CONFIRM |
google — android | In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126 | 2022-12-13 | 7.5 | CVE-2022-20483 MISC |
freshrss — freshrss | FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (brypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a hashed password (brypt with cost 9, salted) of the GReader API, and a hashed password (MD5 salted) of the Fever API. Users should update to version 1.20.2 or edge. Users unable to upgrade can apply the patch manually or delete the file `./FreshRSS/p/ext.php`. | 2022-12-09 | 7.5 | CVE-2022-23497 MISC MISC MISC |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively – amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1. | 2022-12-14 | 7.5 | CVE-2022-23500 MISC |
auth0 — passport-wsfed-saml2 | Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary IDP signed assertion. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. This issue is patched in version 4.6.3. Use of SAML2 authentication instead of WSFed is a workaround. | 2022-12-13 | 7.5 | CVE-2022-23505 MISC |
rails_html_sanitizer_project — rails_html_sanitizer | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4. | 2022-12-14 | 7.5 | CVE-2022-23517 MISC MISC MISC |
qualcomm — ar8035_firmware | Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile | 2022-12-13 | 7.5 | CVE-2022-25672 CONFIRM |
qualcomm — ar8035_firmware | Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile | 2022-12-13 | 7.5 | CVE-2022-25673 CONFIRM |
qualcomm — apq8009_firmware | Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-12-13 | 7.5 | CVE-2022-25685 CONFIRM |
qualcomm — ar8035_firmware | Denial of service in Modem due to reachable assertion in Snapdragon Mobile | 2022-12-13 | 7.5 | CVE-2022-25689 CONFIRM |
qualcomm — ar8035_firmware | Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile | 2022-12-13 | 7.5 | CVE-2022-25691 CONFIRM |
qualcomm — ar8035_firmware | Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-12-13 | 7.5 | CVE-2022-25692 CONFIRM |
qualcomm — apq8009_firmware | Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-12-13 | 7.5 | CVE-2022-25702 CONFIRM |
bluetooth — bluetooth_core_specification | Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion. | 2022-12-12 | 7.5 | CVE-2022-25836 CONFIRM |
bluetooth — bluetooth_core_specification | Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion. | 2022-12-12 | 7.5 | CVE-2022-25837 CONFIRM |
deltaww — dialink | Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. | 2022-12-13 | 7.5 | CVE-2022-2660 MISC |
hp — pagewide_352dw_j6u57a_firmware | Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack. | 2022-12-12 | 7.5 | CVE-2022-2794 MISC |
vmware — vrealize_network_insight | vRealize Network Insight (vRNI) directory traversal vulnerability in vRNI REST API. A malicious actor with network access to the vRNI REST API can read arbitrary files from the server. | 2022-12-14 | 7.5 | CVE-2022-31703 MISC |
qualcomm — apq8009_firmware | Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-12-13 | 7.5 | CVE-2022-33235 CONFIRM |
qualcomm — apq8009_firmware | Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-12-13 | 7.5 | CVE-2022-33238 CONFIRM |
ifm — moneo_qha210_firmware | In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number. | 2022-12-12 | 7.5 | CVE-2022-3485 MISC |
google — protobuf-javalite | A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. | 2022-12-12 | 7.5 | CVE-2022-3509 MISC |
google — protobuf-javalite | A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. | 2022-12-12 | 7.5 | CVE-2022-3510 MISC |
wireshark — wireshark | Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows | 2022-12-09 | 7.5 | CVE-2022-3724 MISC MISC CONFIRM |
arubanetworks — sd-wan | A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. | 2022-12-12 | 7.5 | CVE-2022-37907 MISC |
arubanetworks — edgeconnect_enterprise | A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below; | 2022-12-12 | 7.5 | CVE-2022-37919 MISC |
wpeverest — user_registration | The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example. | 2022-12-12 | 7.5 | CVE-2022-3912 MISC |
openssl — openssl | If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy’ argument to the command line utilities or by calling either `X509_VERIFY_PARAM_add0_policy()’ or `X509_VERIFY_PARAM_set1_policies()’ functions. | 2022-12-13 | 7.5 | CVE-2022-3996 MISC MISC |
sap — business_planning_and_consolidation | In some SAP standard roles in SAP Business Planning and Consolidation – versions – SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized transaction functionality. Under specific circumstances, a successful attack could enable an adversary to escalate their privileges to be able to read, change or delete system data. | 2022-12-13 | 7.5 | CVE-2022-41268 MISC MISC |
superwhite — demon_image_annotation | The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings. | 2022-12-13 | 7.5 | CVE-2022-4171 MISC MISC |
siemens — sicam_pas | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | 2022-12-13 | 7.5 | CVE-2022-43723 CONFIRM |
hp — m2u75a_firmware | Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack. | 2022-12-12 | 7.5 | CVE-2022-43780 MISC |
phpmyfaq — phpmyfaq | Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | 2022-12-11 | 7.5 | CVE-2022-4409 MISC CONFIRM |
trendmicro — apex_one | Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component’s memory protection mechanism has been updated to enhance product security. | 2022-12-12 | 7.5 | CVE-2022-44654 MISC |
microsoft — office | Microsoft Outlook for Mac Spoofing Vulnerability. | 2022-12-13 | 7.5 | CVE-2022-44713 MISC |
interspire — email_marketer | Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthenticated attacker could successfully perform an attack to extract potentially sensitive information from the database if the survey id exists. | 2022-12-09 | 7.5 | CVE-2022-44790 MISC |
open-emr — openemr | Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2. | 2022-12-15 | 7.5 | CVE-2022-4504 MISC CONFIRM |
siemens — siprotec_5_6md85_firmware | A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack. | 2022-12-13 | 7.5 | CVE-2022-45044 CONFIRM |
dragino — lg01_lora_firmware | The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication. | 2022-12-12 | 7.5 | CVE-2022-45227 MISC |
gmaolinx — linx_sphere | A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files. | 2022-12-12 | 7.5 | CVE-2022-45269 MISC |
jettison_project — jettison | A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. | 2022-12-13 | 7.5 | CVE-2022-45685 MISC |
hutool — hutool | A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | 2022-12-13 | 7.5 | CVE-2022-45688 MISC MISC |
hutool — hutool | hutool-json v5.8.10 was discovered to contain an out of memory error. | 2022-12-13 | 7.5 | CVE-2022-45689 MISC |
hutool — hutool | A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | 2022-12-13 | 7.5 | CVE-2022-45690 MISC MISC |
jettison_project — jettison | Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | 2022-12-13 | 7.5 | CVE-2022-45693 MISC |
f-secure — atlant | A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing ICAP request. The exploit can be triggered remotely by an attacker. | 2022-12-13 | 7.5 | CVE-2022-45871 MISC |
zte — zxhn-h108ns_firmware | ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow. | 2022-12-12 | 7.5 | CVE-2022-45957 MISC |
tenda — ax12_firmware | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set . | 2022-12-12 | 7.5 | CVE-2022-45979 MISC |
siemens — 6gk5204-0ba00-2mb2_firmware | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products. | 2022-12-13 | 7.5 | CVE-2022-46352 CONFIRM |
siemens — 6gk5204-0ba00-2mb2_firmware | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The affected products are vulnerable to an “Exposure of Sensitive Information to an Unauthorized Actor” vulnerability by leaking sensitive data in the HTTP Referer. | 2022-12-13 | 7.5 | CVE-2022-46355 CONFIRM |
apache — cxf | A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured. | 2022-12-13 | 7.5 | CVE-2022-46363 MISC |
fp_newsletter_project — fp_newsletter | An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations. | 2022-12-14 | 7.5 | CVE-2022-47409 MISC |
fp_newsletter_project — fp_newsletter | An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations. | 2022-12-14 | 7.5 | CVE-2022-47410 MISC |
fp_newsletter_project — fp_newsletter | An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations. | 2022-12-14 | 7.5 | CVE-2022-47411 MISC |
redhat — openshift | Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. | 2022-12-09 | 7.4 | CVE-2022-3259 MISC |
google — android | In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-176094367 | 2022-12-13 | 7.3 | CVE-2022-20442 MISC |
google — android | In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933359 | 2022-12-13 | 7.3 | CVE-2022-20501 MISC |
github — enterprise_server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program. | 2022-12-14 | 7.2 | CVE-2022-23741 MISC MISC MISC MISC |
arubanetworks — arubaos | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2022-12-12 | 7.2 | CVE-2022-37899 MISC |
arubanetworks — arubaos | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2022-12-12 | 7.2 | CVE-2022-37900 MISC |
arubanetworks — arubaos | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2022-12-12 | 7.2 | CVE-2022-37901 MISC |
arubanetworks — arubaos | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2022-12-12 | 7.2 | CVE-2022-37902 MISC |
arubanetworks — edgeconnect_enterprise | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 7.2 | CVE-2022-37920 MISC |
arubanetworks — edgeconnect_enterprise | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 7.2 | CVE-2022-37921 MISC |
arubanetworks — edgeconnect_enterprise | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 7.2 | CVE-2022-37922 MISC |
arubanetworks — edgeconnect_enterprise | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 7.2 | CVE-2022-37923 MISC |
arubanetworks — edgeconnect_enterprise | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 7.2 | CVE-2022-37924 MISC |
buddybadges_project — buddybadges | The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users | 2022-12-12 | 7.2 | CVE-2022-3925 MISC MISC |
tibco — jasperreports_server | The JNDI Data Sources component of TIBCO Software Inc.’s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server – Community Edition, TIBCO JasperReports Server – Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server – Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server – Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0. | 2022-12-13 | 7.2 | CVE-2022-41561 CONFIRM CONFIRM |
deltaww — dx-2100-l1-cn_firmware | Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. | 2022-12-14 | 7.2 | CVE-2022-42140 MISC |
arubanetworks — edgeconnect_enterprise | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 7.2 | CVE-2022-43541 MISC |
docsys_project — docsys | A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: ‘../filedir’. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215271. | 2022-12-11 | 7.2 | CVE-2022-4402 N/A N/A N/A |
arubanetworks — edgeconnect_enterprise | A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 7.2 | CVE-2022-44533 MISC |
automotive_shop_management_system_project — automotive_shop_management_system | Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php. | 2022-12-09 | 7.2 | CVE-2022-44838 MISC |
dynamic_transaction_queuing_system_project — dynamic_transaction_queuing_system | An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-12-12 | 7.2 | CVE-2022-45275 MISC |
tenda — w20e_firmware | Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output. | 2022-12-12 | 7.2 | CVE-2022-45996 MISC |
tenda — w20e_firmware | Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. | 2022-12-12 | 7.2 | CVE-2022-45997 MISC |
aerocms_project — aerocms | The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks. | 2022-12-13 | 7.2 | CVE-2022-46051 MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=. | 2022-12-14 | 7.2 | CVE-2022-46117 MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=. | 2022-12-14 | 7.2 | CVE-2022-46118 MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=. | 2022-12-14 | 7.2 | CVE-2022-46119 MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=. | 2022-12-14 | 7.2 | CVE-2022-46120 MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=. | 2022-12-14 | 7.2 | CVE-2022-46121 MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=. | 2022-12-14 | 7.2 | CVE-2022-46122 MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=. | 2022-12-14 | 7.2 | CVE-2022-46123 MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=. | 2022-12-14 | 7.2 | CVE-2022-46124 MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=. | 2022-12-14 | 7.2 | CVE-2022-46125 MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=. | 2022-12-14 | 7.2 | CVE-2022-46126 MISC |
helmet_store_showroom_site_project — helmet_store_showroom_site | Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product. | 2022-12-14 | 7.2 | CVE-2022-46127 MISC |
hcltechsw — hcl_workload_automation | HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash. | 2022-12-12 | 7.1 | CVE-2022-38661 MISC |
iconics — genesis64 | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package file crafted by the attacker. | 2022-12-14 | 7.1 | CVE-2022-40264 MISC MISC MISC MISC |
trendmicro — apex_one | An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-12-12 | 7.1 | CVE-2022-45797 MISC |
google — android | In TBD of TBD, there is a possible way to archive arbitrary code execution in kernel due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-254742984 | 2022-12-13 | 7 | CVE-2021-39660 MISC |
trendmicro — apex_one | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-12-12 | 7 | CVE-2022-44651 MISC MISC |
microsoft — windows_server_2019 | Windows Error Reporting Elevation of Privilege Vulnerability. | 2022-12-13 | 7 | CVE-2022-44669 MISC |
microsoft — windows_10 | Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability. | 2022-12-13 | 7 | CVE-2022-44673 MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
amazon — cloudwatch_agent | A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITYSYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they’re able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to address this issue. There is no recommended work around. Affected users must update the installed version of the CloudWatch Agent to address this issue. | 2022-12-12 | 6.8 | CVE-2022-23511 MISC MISC |
microsoft — outlook | Outlook for Android Elevation of Privilege Vulnerability. | 2022-12-13 | 6.8 | CVE-2022-24480 MISC |
microsoft — windows_10 | Windows Hyper-V Denial of Service Vulnerability. | 2022-12-13 | 6.8 | CVE-2022-44682 MISC |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability. | 2022-12-13 | 6.6 | CVE-2022-41115 MISC |
arcadyan — vrv9506jac23_firmware | The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router. | 2022-12-14 | 6.5 | CVE-2020-9420 MISC |
google — android | In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228450451 | 2022-12-13 | 6.5 | CVE-2022-20468 MISC |
cisco — ata_190_firmware | A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart. Cisco has released firmware updates that address this vulnerability. | 2022-12-12 | 6.5 | CVE-2022-20691 MISC |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account – however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. | 2022-12-14 | 6.5 | CVE-2022-23501 MISC |
sick — rfu610-10600_firmware | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | 2022-12-13 | 6.5 | CVE-2022-27581 MISC |
arubanetworks — sd-wan | An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller. | 2022-12-12 | 6.5 | CVE-2022-37908 MISC |
arubanetworks — sd-wan | A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system. | 2022-12-12 | 6.5 | CVE-2022-37910 MISC |
hpe — sf100_firmware | Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. | 2022-12-12 | 6.5 | CVE-2022-37928 MISC |
secomea — sitemanager_1129_firmware | Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. | 2022-12-13 | 6.5 | CVE-2022-38124 MISC |
canon — vitrea_view | Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter. | 2022-12-09 | 6.5 | CVE-2022-38765 MISC |
car_dealer_project — car_dealer | The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 2022-12-12 | 6.5 | CVE-2022-3879 MISC |
antihacker_project — antihacker | The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 2022-12-12 | 6.5 | CVE-2022-3880 MISC |
wp-memory_project — wp-memory | The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 2022-12-12 | 6.5 | CVE-2022-3882 MISC |
stopbadbots_project — stopbadbots | The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 2022-12-12 | 6.5 | CVE-2022-3883 MISC |
wpwax — directorist | The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own. | 2022-12-12 | 6.5 | CVE-2022-3930 MISC |
collne — welcart_e-commerce | The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. | 2022-12-12 | 6.5 | CVE-2022-3946 MISC |
booster — booster_for_woocommerce | The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks | 2022-12-12 | 6.5 | CVE-2022-4016 MISC |
sap — disclosure_management | SAP Disclosure Management – version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can lead to the exposure of data like financial reports. | 2022-12-13 | 6.5 | CVE-2022-41274 MISC MISC |
adobe — campaign | Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. | 2022-12-16 | 6.5 | CVE-2022-42343 MISC |
hcltech — sametime | Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. | 2022-12-12 | 6.5 | CVE-2022-42446 MISC |
arcinformatique — pcvue | An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources. | 2022-12-12 | 6.5 | CVE-2022-4311 MISC |
arubanetworks — edgeconnect_enterprise | An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 6.5 | CVE-2022-43518 MISC |
zend-blog-2_project — zend-blog-2 | A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 36b2d4abe20a6245e4f8df7a4b14e130b24d429d. It is recommended to apply a patch to fix this issue. VDB-215250 is the identifier assigned to this vulnerability. | 2022-12-10 | 6.5 | CVE-2022-4397 N/A N/A |
arubanetworks — edgeconnect_enterprise | An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 6.5 | CVE-2022-44532 MISC |
microsoft — windows_server_2012 | Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41074. | 2022-12-13 | 6.5 | CVE-2022-44679 MISC |
microsoft — windows_server_2012 | Windows Kernel Denial of Service Vulnerability. | 2022-12-13 | 6.5 | CVE-2022-44707 MISC |
aerocms_project — aerocms | AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | 2022-12-13 | 6.5 | CVE-2022-46059 MISC |
siemens — 6gk5622-2gs00-2ac2_firmware | A vulnerability has been identified in SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= 2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= 2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= 2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= 2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= 2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= 2.3 < V3.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive. | 2022-12-13 | 6.5 | CVE-2022-46144 CONFIRM |
jenkins — sonar_gerrit | A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 2022-12-12 | 6.5 | CVE-2022-46688 MISC |
sick — rfu620-10100_firmware | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | 2022-12-13 | 6.5 | CVE-2022-46832 MISC |
sick — rfu630-04100_firmware | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | 2022-12-13 | 6.5 | CVE-2022-46833 MISC |
sick — rfu650-10100_firmware | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | 2022-12-13 | 6.5 | CVE-2022-46834 MISC |
fp_masterquiz_project — fp_masterquiz | An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user’s answers and modify those answers. | 2022-12-14 | 6.5 | CVE-2022-47407 MISC |
feehi — feehicms | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag. | 2022-12-15 | 6.1 | CVE-2020-20589 CONFIRM |
feehi — feehicms | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag. | 2022-12-15 | 6.1 | CVE-2020-36607 CONFIRM |
logrhythm — logrhythm | Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field. | 2022-12-13 | 6.1 | CVE-2021-41943 MISC |
jquery-minicolors_project — jquery-minicolors | A vulnerability was found in claviska jquery-minicolors up to 2.3.5. It has been rated as problematic. Affected by this issue is some unknown functionality of the file jquery.minicolors.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.3.6 is able to address this issue. The name of the patch is ef134824a7f4110ada53ea6c173111a4fa2f48f3. It is recommended to upgrade the affected component. VDB-215306 is the identifier assigned to this vulnerability. | 2022-12-12 | 6.1 | CVE-2021-4243 MISC MISC MISC |
yikesplugins — easy_forms_for_mailchimp | A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 6.8.6 is able to address this issue. The name of the patch is 3662c6593aa1bb4286781214891d26de2e947695. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215307. | 2022-12-12 | 6.1 | CVE-2021-4244 MISC MISC MISC MISC |
hp — integrated_lights-out_5_firmware | Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5. | 2022-12-12 | 6.1 | CVE-2021-46846 MISC |
typo3 — html_sanitizer | HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing issue in the upstream package masterminds/html5. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. The upstream package masterminds/html5 provides HTML raw text elements (`script`, `style`, `noframes`, `noembed` and `iframe`) as DOMText nodes, which were not processed and sanitized further. None of the mentioned elements were defined in the default builder configuration, that’s why only custom behaviors, using one of those tag names, were vulnerable to cross-site scripting. This issue has been fixed in versions 1.5.0 and 2.1.1. | 2022-12-13 | 6.1 | CVE-2022-23499 MISC |
rails_html_sanitizer_project — rails_html_sanitizer | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4. | 2022-12-14 | 6.1 | CVE-2022-23518 MISC MISC MISC |
rails_html_sanitizer_project — rails_html_sanitizer | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer’s allowed tags in either of the following ways: allow both “math” and “style” elements, or allow both “svg” and “style” elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include “math” or “svg” and “style” should either upgrade or use the following workaround immediately: Remove “style” from the overridden allowed tags, or remove “math” and “svg” from the overridden allowed tags. | 2022-12-14 | 6.1 | CVE-2022-23519 MISC MISC |
rails_html_sanitizer_project — rails_html_sanitizer | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer’s allowed tags to allow both “select” and “style” elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both “select” and “style” should either upgrade or use this workaround: Remove either “select” or “style” from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize. | 2022-12-14 | 6.1 | CVE-2022-23520 MISC MISC |
zmartzone — mod_auth_openidc | mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed. | 2022-12-14 | 6.1 | CVE-2022-23527 MISC MISC |
weidmueller — 19_iot_md01_lan_h4_s0011_firmware | Quanos “SCHEMA ST4” example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. other web services in the same environment or execute scripts in the users browser environment. The affected script is ‘*-schema.js’. | 2022-12-14 | 6.1 | CVE-2022-3073 MISC |
ibm — cics_tx | IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229461. | 2022-12-12 | 6.1 | CVE-2022-34318 MISC MISC MISC |
arubanetworks — edgeconnect_enterprise | A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 6.1 | CVE-2022-37925 MISC |
hpe — oneview_global_dashboard | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). | 2022-12-12 | 6.1 | CVE-2022-37927 MISC |
niceforyou — linear_emerge_e3_access_control_firmware | Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors. | 2022-12-13 | 6.1 | CVE-2022-38628 MISC |
helloprint — helloprint | The Helloprint WordPress plugin before 1.4.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 2022-12-12 | 6.1 | CVE-2022-3908 MISC |
sap — netweaver_application_server_java | Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) – version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality and integrity of the application. | 2022-12-12 | 6.1 | CVE-2022-41262 MISC MISC |
sap — commerce_webservices_2.0 | Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) – versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to steal user tokens and achieve a full account takeover including access to administrative tools in SAP Commerce. | 2022-12-13 | 6.1 | CVE-2022-41266 MISC MISC |
sap — sourcing | Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management – version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the attacker sends an email to the victim with a manipulated link that appears to be a legitimate SAP Sourcing URL, since the victim doesn’t suspect the threat, they click on the link, log in to SAP Sourcing and CLM and at this point, they get redirected to a malicious website. | 2022-12-13 | 6.1 | CVE-2022-41273 MISC MISC |
sap — solution_manager | In SAP Solution Manager (Enterprise Search) – versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity. | 2022-12-13 | 6.1 | CVE-2022-41275 MISC MISC |
fs-blog_project — fs-blog | A vulnerability was found in zbl1996 FS-Blog and classified as problematic. This issue affects some unknown processing of the component Title Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-215267. | 2022-12-11 | 6.1 | CVE-2022-4400 MISC MISC |
redmine — redmine | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields. | 2022-12-12 | 6.1 | CVE-2022-44031 MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | 2022-12-11 | 6.1 | CVE-2022-4407 CONFIRM MISC |
nuxt — framework | Cross-site Scripting (XSS) – Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13. | 2022-12-12 | 6.1 | CVE-2022-4413 MISC CONFIRM |
nuxt — framework | Cross-site Scripting (XSS) – DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13. | 2022-12-12 | 6.1 | CVE-2022-4414 CONFIRM MISC |
rathena — fluxcp | A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 8a39b2b2bf28353b3503ff1421862393db15aa7e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215304. | 2022-12-12 | 6.1 | CVE-2022-4421 MISC MISC |
resque-scheduler_project — resque-scheduler | Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the “{schedule_job}” or “args” parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side. | 2022-12-13 | 6.1 | CVE-2022-44303 MISC MISC |
ipti — tag | A vulnerability was found in ipti br.tag. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.13.0 is able to address this issue. The name of the patch is 7e311be22d3a0a1b53e61cb987ba13d681d85f06. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215431. | 2022-12-13 | 6.1 | CVE-2022-4444 MISC MISC MISC |
siemens — plm_help_server | A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. | 2022-12-13 | 6.1 | CVE-2022-44575 CONFIRM |
redmine — redmine | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user. | 2022-12-12 | 6.1 | CVE-2022-44637 MISC |
collective.dms.basecontent_project — collective.dms.basecontent | A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent 1.7. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 6c4d616fcc771822a14ebae5e23f3f6d96d134bd. It is recommended to upgrade the affected component. The identifier VDB-215813 was assigned to this vulnerability. | 2022-12-14 | 6.1 | CVE-2022-4495 N/A N/A N/A |
open-emr — openemr | Cross-site Scripting (XSS) – Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. | 2022-12-15 | 6.1 | CVE-2022-4502 MISC CONFIRM |
arris — nvg443b_firmware | A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha. | 2022-12-13 | 6.1 | CVE-2022-45028 MISC MISC |
open-emr — openemr | Cross-site Scripting (XSS) – Generic in GitHub repository openemr/openemr prior to 7.0.0.2. | 2022-12-15 | 6.1 | CVE-2022-4503 MISC CONFIRM |
sens_project — sens | SENS v1.0 is vulnerable to Cross Site Scripting (XSS). | 2022-12-12 | 6.1 | CVE-2022-45756 MISC |
aerocms_project — aerocms | AeroCMS v0.0.1 is vulnerable to ClickJacking. | 2022-12-13 | 6.1 | CVE-2022-46061 MISC |
helmet_store_showroom_project — helmet_store_showroom | Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS). | 2022-12-14 | 6.1 | CVE-2022-46073 MISC |
siemens — polarion_alm | A vulnerability has been identified in Polarion ALM (All versions). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites. | 2022-12-13 | 6.1 | CVE-2022-46265 CONFIRM |
siemens — 6gk5204-0ba00-2mb2_firmware | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device. | 2022-12-13 | 6.1 | CVE-2022-46350 CONFIRM |
niceforyou — linear_emerge_e3_access_control_firmware | Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e. | 2022-12-13 | 6.1 | CVE-2022-46381 MISC |
jenkins — google_login | Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | 2022-12-12 | 6.1 | CVE-2022-46683 MISC |
websoft — websoft_hcm | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user’s browser, including scripts in the JavaScript programming language, which leads to Reflected XSS. | 2022-12-12 | 6.1 | CVE-2022-46905 MISC |
sap — business_objects_business_intelligence_platform | Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) – version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS’s scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability. | 2022-12-12 | 6 | CVE-2022-31596 MISC MISC |
wordpress — wordpress | WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. | 2022-12-14 | 5.9 | CVE-2022-3590 MISC MISC |
wptools_project — wptools | The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | 2022-12-12 | 5.7 | CVE-2022-3881 MISC |
google — android | In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-169762606 | 2022-12-13 | 5.5 | CVE-2021-0934 MISC |
google — android | In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user’s password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730 | 2022-12-13 | 5.5 | CVE-2022-20466 MISC |
google — android | In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238177877 | 2022-12-13 | 5.5 | CVE-2022-20471 MISC |
google — android | In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919 | 2022-12-13 | 5.5 | CVE-2022-20476 MISC |
google — android | In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240422263 | 2022-12-13 | 5.5 | CVE-2022-20482 MISC |
google — android | In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-245242273 | 2022-12-13 | 5.5 | CVE-2022-20496 MISC |
google — android | In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168 | 2022-12-13 | 5.5 | CVE-2022-20500 MISC |
google — android | In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222166527 | 2022-12-13 | 5.5 | CVE-2022-20502 MISC |
linux-loader_project — linux-loader | In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file. | 2022-12-13 | 5.5 | CVE-2022-23523 MISC MISC |
qualcomm — aqt1000_firmware | Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-12-13 | 5.5 | CVE-2022-25675 CONFIRM |
westerndigital — my_cloud_os | Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. | 2022-12-09 | 5.5 | CVE-2022-29839 MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference. | 2022-12-14 | 5.5 | CVE-2022-3104 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array(). | 2022-12-14 | 5.5 | CVE-2022-3105 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc(). | 2022-12-14 | 5.5 | CVE-2022-3106 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. | 2022-12-14 | 5.5 | CVE-2022-3107 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). | 2022-12-14 | 5.5 | CVE-2022-3108 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference. | 2022-12-14 | 5.5 | CVE-2022-3110 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). | 2022-12-14 | 5.5 | CVE-2022-3111 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | 2022-12-14 | 5.5 | CVE-2022-3112 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference. | 2022-12-14 | 5.5 | CVE-2022-3113 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference. | 2022-12-14 | 5.5 | CVE-2022-3114 MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | 2022-12-14 | 5.5 | CVE-2022-3115 MISC MISC |
vmware — vcenter_server | The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | 2022-12-13 | 5.5 | CVE-2022-31697 MISC |
arubanetworks — sd-wan | Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. | 2022-12-12 | 5.5 | CVE-2022-37911 MISC |
hpe — sf100_firmware | Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. | 2022-12-12 | 5.5 | CVE-2022-37929 MISC |
hpe — sf100_firmware | A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information. | 2022-12-12 | 5.5 | CVE-2022-37930 MISC |
daikinlatam — svmpc2 | Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication. | 2022-12-13 | 5.5 | CVE-2022-38355 MISC |
microsoft — windows_server_2008 | Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-44679. | 2022-12-13 | 5.5 | CVE-2022-41074 MISC |
sap — solution_manager | SAP Solution Manager (Diagnostic Agent) – version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized. | 2022-12-12 | 5.5 | CVE-2022-41261 MISC MISC |
siemens — teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2022-12-13 | 5.5 | CVE-2022-41278 CONFIRM |
siemens — teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2022-12-13 | 5.5 | CVE-2022-41279 CONFIRM |
siemens — teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2022-12-13 | 5.5 | CVE-2022-41280 CONFIRM |
siemens — teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2022-12-13 | 5.5 | CVE-2022-41287 CONFIRM |
siemens — teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2022-12-13 | 5.5 | CVE-2022-41288 CONFIRM |
arcinformatique — pcvue | A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card. | 2022-12-12 | 5.5 | CVE-2022-4312 MISC |
adobe — illustrator | Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-12-16 | 5.5 | CVE-2022-44498 MISC |
adobe — illustrator | Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-12-16 | 5.5 | CVE-2022-44499 MISC |
adobe — illustrator | Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-12-16 | 5.5 | CVE-2022-44500 MISC |
adobe — illustrator | Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2022-12-16 | 5.5 | CVE-2022-44502 MISC |
trendmicro — apex_one | An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648. | 2022-12-12 | 5.5 | CVE-2022-44647 MISC MISC |
trendmicro — apex_one | An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647. | 2022-12-12 | 5.5 | CVE-2022-44648 MISC MISC |
microsoft — windows_10 | Windows Bluetooth Driver Information Disclosure Vulnerability. | 2022-12-13 | 5.5 | CVE-2022-44674 MISC |
azure — network_watcher_agent | Azure Network Watcher Agent Security Feature Bypass Vulnerability. | 2022-12-13 | 5.5 | CVE-2022-44699 MISC |
wasm3_project — wasm3 | wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h. | 2022-12-13 | 5.5 | CVE-2022-44874 MISC |
siemens — 6gk5204-0ba00-2mb2_firmware | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). | 2022-12-13 | 5.5 | CVE-2022-46351 CONFIRM |
arcadyan — vrv9506jac23_firmware | Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the administrative dashboard. | 2022-12-14 | 5.4 | CVE-2020-9419 MISC |
feehi — feehicms | File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload. | 2022-12-15 | 5.4 | CVE-2021-36573 MISC |
ibm — api_connect | IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213212. | 2022-12-12 | 5.4 | CVE-2021-38997 MISC MISC |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1. | 2022-12-14 | 5.4 | CVE-2022-23502 MISC |
symantec — messaging_gateway | An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column) | 2022-12-09 | 5.4 | CVE-2022-25629 MISC |
symantec — messaging_gateway | An authenticated user can embed malicious content with XSS into the admin group policy page. | 2022-12-09 | 5.4 | CVE-2022-25630 MISC |
yiiframework — gii | Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. | 2022-12-09 | 5.4 | CVE-2022-34297 MISC |
arubanetworks — edgeconnect_enterprise | A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | 2022-12-12 | 5.4 | CVE-2022-37926 MISC |
supra-csv-parser_project — supra-csv-parser | Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. | 2022-12-12 | 5.4 | CVE-2022-3853 MISC |
g5theme — essential_real_estate | The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks. | 2022-12-12 | 5.4 | CVE-2022-3933 MISC |
mehanoid — flat_pm | The Flat PM WordPress plugin through 2.661 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks. | 2022-12-12 | 5.4 | CVE-2022-3934 MISC |
collne — welcart_e-commerce | The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks | 2022-12-12 | 5.4 | CVE-2022-3935 MISC |
donation_button_project — donation_button | The Donation Button WordPress plugin through 4.0.0 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | 2022-12-12 | 5.4 | CVE-2022-4005 MISC |
ibm — cloud_transformation_advisor | IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214. | 2022-12-09 | 5.4 | CVE-2022-41299 MISC MISC |
tibco — jasperreports_server | The Dashboard component of TIBCO Software Inc.’s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server – Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server – Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0. | 2022-12-13 | 5.4 | CVE-2022-41563 CONFIRM CONFIRM |
oxilab — image_hover_effects_ultimate | The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin’s features available to lower privileged users through the ‘Who Can Edit?’ setting then this can be exploited by those users. | 2022-12-13 | 5.4 | CVE-2022-4207 MISC MISC MISC |
deltaww — dx-2100-l1-cn_firmware | Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter. | 2022-12-14 | 5.4 | CVE-2022-42141 MISC |
adobe — experience_manager | Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2022-12-16 | 5.4 | CVE-2022-42360 MISC |
adobe — experience_manager | Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2022-12-16 | 5.4 | CVE-2022-42367 MISC |
bt — baota | In BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain sensitive information via the log analysis feature. | 2022-12-09 | 5.4 | CVE-2022-4336 MISC |
s-cms — s-cms | A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability. | 2022-12-09 | 5.4 | CVE-2022-4377 N/A N/A |
pyrdfa3_project — pyrdfa3 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2022-12-10 | 5.4 | CVE-2022-4396 N/A N/A N/A |
csaf_provider_project — csaf_provider | The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory. | 2022-12-13 | 5.4 | CVE-2022-43996 MISC |
pallidlight_online_course_selection_system_project — pallidlight_online_course_selection_system | A vulnerability was found in pallidlight online-course-selection-system. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-215268. | 2022-12-11 | 5.4 | CVE-2022-4401 MISC MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | 2022-12-11 | 5.4 | CVE-2022-4408 CONFIRM MISC |
permalink_manager_lite_project — permalink_manager_lite | The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts. | 2022-12-14 | 5.4 | CVE-2022-4410 MISC MISC |
adobe — experience_manager | Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2022-12-16 | 5.4 | CVE-2022-44462 MISC |
adobe — experience_manager | Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2022-12-16 | 5.4 | CVE-2022-44468 MISC |
adobe — experience_manager | Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2022-12-16 | 5.4 | CVE-2022-44469 MISC |
adobe — experience_manager | Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2022-12-16 | 5.4 | CVE-2022-44473 MISC |
microsoft — windows_10 | Windows SmartScreen Security Feature Bypass Vulnerability. | 2022-12-13 | 5.4 | CVE-2022-44698 MISC |
siemens — simatic_wincc_oa | A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the Ultralight Client backend application under certain circumstances. This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker chosen panels with the attacker’s credentials or start a Ctrl script). | 2022-12-13 | 5.4 | CVE-2022-44731 CONFIRM |
sens_project — sens | SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister. | 2022-12-12 | 5.4 | CVE-2022-45758 MISC |
alist_project — alist | Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board. | 2022-12-12 | 5.4 | CVE-2022-45970 MISC |
jenkins — checkmarx | Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability. | 2022-12-12 | 5.4 | CVE-2022-46684 MISC |
jenkins — custom_build_properties | Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values. | 2022-12-12 | 5.4 | CVE-2022-46686 MISC |
jenkins — spring_config | Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names. | 2022-12-12 | 5.4 | CVE-2022-46687 MISC |
websoft — websoft_hcm | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user’s browser, including scripts in the JavaScript programming language, which leads to Stored XSS. | 2022-12-12 | 5.4 | CVE-2022-46903 MISC |
websoft — websoft_hcm | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user’s browser, including scripts in the JavaScript programming language, which leads to Self-XSS. | 2022-12-12 | 5.4 | CVE-2022-46904 MISC |
websoft — websoft_hcm | Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user’s browser, including scripts in the JavaScript programming language, which leads to Reflected XSS. | 2022-12-12 | 5.4 | CVE-2022-46906 MISC |
cisco — ata_190_firmware | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition. | 2022-12-12 | 5.3 | CVE-2022-20686 MISC |
cisco — ata_190_firmware | Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition. | 2022-12-12 | 5.3 | CVE-2022-20687 MISC |
cisco — ata_190_firmware | A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause Cisco Discovery Protocol to restart unexpectedly, resulting in a DoS condition. | 2022-12-12 | 5.3 | CVE-2022-20688 MISC |
vmware — vcenter_server | The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. | 2022-12-13 | 5.3 | CVE-2022-31698 MISC |
arubanetworks — sd-wan | Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers. | 2022-12-12 | 5.3 | CVE-2022-37909 MISC |
updraftplus — all-in-one_security | The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more). | 2022-12-12 | 5.3 | CVE-2022-4097 MISC |
funkwhale — funkwhale | User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. | 2022-12-09 | 5.3 | CVE-2022-45292 MISC |
boa — boa | Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. | 2022-12-12 | 5.3 | CVE-2022-45956 MISC |
siemens — 6gk5204-0ba00-2mb2_firmware | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances. | 2022-12-13 | 5.3 | CVE-2022-46354 CONFIRM |
ibm — power_system_ac922_(8335-gtg)_firmware | IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337. | 2022-12-12 | 4.9 | CVE-2022-22488 MISC MISC |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. | 2022-12-14 | 4.9 | CVE-2022-23504 MISC |
broadcom — brocade_sannav | Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information. | 2022-12-09 | 4.9 | CVE-2022-33187 MISC |
hcltechsw — hcl_launch | HCL Launch could allow a user with administrative privileges, including “Manage Security” permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. | 2022-12-12 | 4.9 | CVE-2022-42445 MISC |
aerocms_project — aerocms | AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter. | 2022-12-13 | 4.9 | CVE-2022-46047 MISC |
medtronic — guardian_link_2_transmitter_mmt-7730_firmware | A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance | 2022-12-12 | 4.8 | CVE-2022-32537 MISC MISC |
getyourguide_ticketing_project — getyourguide_ticketing | The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-12-12 | 4.8 | CVE-2022-3609 MISC |
livemeshelementor — addons_for_elementor | The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-12-12 | 4.8 | CVE-2022-3862 MISC |
whitestudio — easy_form_builder | The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-12-12 | 4.8 | CVE-2022-3906 MISC |
automattic — jetpack_crm | The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-12-12 | 4.8 | CVE-2022-3919 MISC |
dpdgroup — woocommerce_shipping | The WooCommerce Shipping WordPress plugin through 1.2.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-12-12 | 4.8 | CVE-2022-4000 MISC |
webdevocean — image_hover_effects | The Image Hover Effects WordPress plugin through 5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-12-12 | 4.8 | CVE-2022-4010 MISC |
zkteco — automatic_data_master_server | ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). | 2022-12-09 | 4.8 | CVE-2022-44213 MISC |
aerocms_project — aerocms | AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | 2022-12-13 | 4.8 | CVE-2022-46058 MISC |
google — android | In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979 | 2022-12-13 | 4.6 | CVE-2022-20497 MISC |
westerndigital — my_cloud_os | Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. | 2022-12-09 | 4.6 | CVE-2022-29838 MISC |
adobe — experience_manager | Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2022-12-16 | 4.6 | CVE-2022-35694 MISC |
adobe — experience_manager | Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2022-12-16 | 4.6 | CVE-2022-35696 MISC |
adobe — experience_manager | Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2022-12-16 | 4.6 | CVE-2022-42366 MISC |
gym_management_system_project — gym_management_system | Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | 2022-12-13 | 4.5 | CVE-2022-46062 MISC |
google — android | In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239701237 | 2022-12-13 | 4.4 | CVE-2022-20449 MISC |
google — android | In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246465319 | 2022-12-13 | 4.4 | CVE-2022-20498 MISC |
enalean — tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6. | 2022-12-13 | 4.3 | CVE-2022-23473 MISC MISC MISC |
donation_button_project — donation_button | The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its “donation_button_twilio_send_test_sms” AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin’s Twilio integration to send SMSes to arbitrary phone numbers. | 2022-12-12 | 4.3 | CVE-2022-4004 MISC |
sap — business_objects_business_intelligence_platform | Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) – versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application. | 2022-12-12 | 4.3 | CVE-2022-41263 MISC MISC |
adobe — experience_manager | Adobe Experience Manager version 6.5.14 (and earlier) is affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to disclose low level confidentiality information. Exploitation of this issue does not require user interaction. | 2022-12-16 | 4.3 | CVE-2022-42351 MISC |
m-files — m-files | Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration. | 2022-12-09 | 4.3 | CVE-2022-4264 MISC |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Spoofing Vulnerability. | 2022-12-13 | 4.3 | CVE-2022-44688 MISC |
open-emr — openemr | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. | 2022-12-15 | 4.3 | CVE-2022-4505 CONFIRM MISC |
enalean — tuleap | Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project “homepage”/dashboards. Users not authorized to access a project may still be able to get some information provided by the widgets (e.g. number of members, content of the Notes widget…). This issue has been patched in Tuleap Community Edition 14.2.99.104, Tuleap Enterprise Edition 14.2-4, and Tuleap Enterprise Edition 14.1-5. | 2022-12-13 | 4.3 | CVE-2022-46160 MISC MISC MISC |
gitea — gitea | In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log. | 2022-12-12 | 4.3 | CVE-2022-46685 MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
sentry — sentry | Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`). | 2022-12-10 | 3.7 | CVE-2022-23485 MISC |
dragino — lg01_lora_firmware | Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page. | 2022-12-12 | 3.5 | CVE-2022-45228 MISC |
vmware — esxi | VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure. | 2022-12-13 | 3.3 | CVE-2022-31699 MISC |
google — android | In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105 | 2022-12-13 | 2.3 | CVE-2022-20240 MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
pacparser — pacparser | A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443. | 2022-12-13 | not yet calculated | CVE-2019-25078 MISC MISC MISC MISC |
zhimengzhe — ibarn | File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php. | 2022-12-15 | not yet calculated | CVE-2020-20588 MISC |
netgate — multiple_products | Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package. | 2022-12-15 | not yet calculated | CVE-2020-21219 MISC MISC |
easywebpack-cli — easywebpack-cli | Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request. | 2022-12-15 | not yet calculated | CVE-2020-24855 MISC |
ibm — spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106. | 2022-12-14 | not yet calculated | CVE-2020-4497 MISC MISC |
apache — zeppelin | The improper Input Validation vulnerability in “”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | 2022-12-16 | not yet calculated | CVE-2021-28655 MISC |
sourcecodester — online_grading_system | A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter. | 2022-12-16 | not yet calculated | CVE-2021-31650 MISC |
inikulin — replicator | A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object. | 2022-12-15 | not yet calculated | CVE-2021-33420 MISC MISC MISC MISC |
hp — omen_gaming_hub_sdk | Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities. | 2022-12-12 | not yet calculated | CVE-2021-3437 MISC |
solarwinds — serv-u_ftp_server | Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | 2022-12-16 | not yet calculated | CVE-2021-35252 MISC MISC MISC |
feehi_cms — feehi_cms | Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page. | 2022-12-15 | not yet calculated | CVE-2021-36572 MISC |
hp — workstation_bios | A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability. | 2022-12-12 | not yet calculated | CVE-2021-3661 MISC |
ruoyi — ruoyi | Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. | 2022-12-16 | not yet calculated | CVE-2021-38241 MISC |
hp — multiple_products | A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability. | 2022-12-12 | not yet calculated | CVE-2021-3919 MISC |
hp — multiple_products | Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR. | 2022-12-12 | not yet calculated | CVE-2021-3942 MISC |
seacms — seacms | An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set. | 2022-12-15 | not yet calculated | CVE-2021-39426 MISC |
188jianzhan — 188jianzhan | Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php. | 2022-12-15 | not yet calculated | CVE-2021-39427 MISC |
eyoucms — eyoucms | Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | 2022-12-15 | not yet calculated | CVE-2021-39428 MISC |
rsfirewall — rsfirewall | RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented. | 2022-12-15 | not yet calculated | CVE-2021-4226 MISC |
chbrown — rfc6902 | A vulnerability classified as problematic has been found in chbrown rfc6902. This affects an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The exploit has been disclosed to the public and may be used. The name of the patch is c006ce9faa43d31edb34924f1df7b79c137096cf. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215883. | 2022-12-15 | not yet calculated | CVE-2021-4245 N/A N/A N/A |
roxlukas — lmeve | A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is 29e1ead3bb1c1fad53b77dfc14534496421c5b5d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216176. | 2022-12-17 | not yet calculated | CVE-2021-4246 N/A N/A |
hp — jumpstart | A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software. | 2022-12-12 | not yet calculated | CVE-2022-1038 MISC |
google — android | In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199291025 | 2022-12-16 | not yet calculated | CVE-2022-20199 MISC |
google — android | In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772890 | 2022-12-16 | not yet calculated | CVE-2022-20503 MISC |
google — android | In multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and dismissal of system dialogs with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225878553 | 2022-12-16 | not yet calculated | CVE-2022-20504 MISC |
google — android | In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754 | 2022-12-16 | not yet calculated | CVE-2022-20505 MISC |
google — android | In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226133034 | 2022-12-16 | not yet calculated | CVE-2022-20506 MISC |
google — android | In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179 | 2022-12-16 | not yet calculated | CVE-2022-20507 MISC |
google — android | In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-218679614 | 2022-12-16 | not yet calculated | CVE-2022-20508 MISC |
google — android | In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713317 | 2022-12-16 | not yet calculated | CVE-2022-20509 MISC |
google — android | In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822336 | 2022-12-16 | not yet calculated | CVE-2022-20510 MISC |
google — android | In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829 | 2022-12-16 | not yet calculated | CVE-2022-20511 MISC |
google — android | In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238602879 | 2022-12-16 | not yet calculated | CVE-2022-20512 MISC |
google — android | In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759 | 2022-12-16 | not yet calculated | CVE-2022-20513 MISC |
google — android | In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245727875 | 2022-12-16 | not yet calculated | CVE-2022-20514 MISC |
google — android | In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496 | 2022-12-16 | not yet calculated | CVE-2022-20515 MISC |
google — android | In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331 | 2022-12-16 | not yet calculated | CVE-2022-20516 MISC |
google — android | In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956 | 2022-12-16 | not yet calculated | CVE-2022-20517 MISC |
google — android | In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203 | 2022-12-16 | not yet calculated | CVE-2022-20518 MISC |
google — android |
In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678 | 2022-12-16 | not yet calculated | CVE-2022-20519 MISC |
google — android | In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202 | 2022-12-16 | not yet calculated | CVE-2022-20520 MISC |
google — android | In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684 | 2022-12-16 | not yet calculated | CVE-2022-20521 MISC |
google — android | In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877 | 2022-12-16 | not yet calculated | CVE-2022-20522 MISC |
google — android | In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228222508 | 2022-12-16 | not yet calculated | CVE-2022-20523 MISC |
google — android | In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-228523213 | 2022-12-16 | not yet calculated | CVE-2022-20524 MISC |
google — android | In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742768 | 2022-12-16 | not yet calculated | CVE-2022-20525 MISC |
google — android | In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774 | 2022-12-16 | not yet calculated | CVE-2022-20526 MISC |
google — android | In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229994861 | 2022-12-16 | not yet calculated | CVE-2022-20527 MISC |
google — android | In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711 | 2022-12-16 | not yet calculated | CVE-2022-20528 MISC |
google — android | In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603 | 2022-12-16 | not yet calculated | CVE-2022-20529 MISC |
google — android | In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645 | 2022-12-16 | not yet calculated | CVE-2022-20530 MISC |
google — android | In placeCall of TelecomManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231988638 | 2022-12-16 | not yet calculated | CVE-2022-20531 MISC |
google — android | In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363 | 2022-12-16 | not yet calculated | CVE-2022-20533 MISC |
google — android | In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242 | 2022-12-16 | not yet calculated | CVE-2022-20535 MISC |
google — android | In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235100180 | 2022-12-16 | not yet calculated | CVE-2022-20536 MISC |
google — android | In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169 | 2022-12-16 | not yet calculated | CVE-2022-20537 MISC |
google — android | In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770 | 2022-12-16 | not yet calculated | CVE-2022-20538 MISC |
google — android | In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425 | 2022-12-16 | not yet calculated | CVE-2022-20539 MISC |
google — android | In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506 | 2022-12-16 | not yet calculated | CVE-2022-20540 MISC |
google — android | In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126 | 2022-12-16 | not yet calculated | CVE-2022-20541 MISC |
google — android | In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238178261 | 2022-12-16 | not yet calculated | CVE-2022-20543 MISC |
google — android | In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070 | 2022-12-16 | not yet calculated | CVE-2022-20544 MISC |
google — android | In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-239368697 | 2022-12-16 | not yet calculated | CVE-2022-20545 MISC |
google — android | In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240266798 | 2022-12-16 | not yet calculated | CVE-2022-20546 MISC |
google — android | In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753 | 2022-12-16 | not yet calculated | CVE-2022-20547 MISC |
google — android | In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240919398 | 2022-12-16 | not yet calculated | CVE-2022-20548 MISC |
google — android | In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451 | 2022-12-16 | not yet calculated | CVE-2022-20549 MISC |
google — android | In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514 | 2022-12-16 | not yet calculated | CVE-2022-20550 MISC |
google — android | In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243922806 | 2022-12-16 | not yet calculated | CVE-2022-20552 MISC |
google — android | In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265 | 2022-12-16 | not yet calculated | CVE-2022-20553 MISC |
google — android | In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596 | 2022-12-16 | not yet calculated | CVE-2022-20554 MISC |
google — android | In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246194233 | 2022-12-16 | not yet calculated | CVE-2022-20555 MISC |
google — android | In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667 | 2022-12-16 | not yet calculated | CVE-2022-20556 MISC |
google — android | In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-247092734 | 2022-12-16 | not yet calculated | CVE-2022-20557 MISC |
google — android | In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236264289 | 2022-12-16 | not yet calculated | CVE-2022-20558 MISC |
google — android | In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967 | 2022-12-16 | not yet calculated | CVE-2022-20559 MISC |
google — android | Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20560 MISC |
google — android | In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222162870References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20561 MISC |
google — android | In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231630423References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20562 MISC |
google — android | In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242067561References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20563 MISC |
google — android | In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243798789References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20564 MISC |
google — android | In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel | 2022-12-16 | not yet calculated | CVE-2022-20566 MISC |
google — android | In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186777253References: Upstream kernel | 2022-12-16 | not yet calculated | CVE-2022-20567 MISC |
google — android | In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220738351References: Upstream kernel | 2022-12-16 | not yet calculated | CVE-2022-20568 MISC |
google — android | In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-229258234References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20569 MISC |
google — android | Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20570 MISC |
google — android | In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234030265References: Upstream kernel | 2022-12-16 | not yet calculated | CVE-2022-20571 MISC |
google — android | In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel | 2022-12-16 | not yet calculated | CVE-2022-20572 MISC |
google — android | In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237582191References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20574 MISC |
google — android | In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237585040References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20575 MISC |
google — android | In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701761References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20576 MISC |
google — android | In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762281References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20577 MISC |
google — android | In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509749References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20578 MISC |
google — android | In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243510139References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20579 MISC |
google — android | In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243629453References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20580 MISC |
google — android | In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20581 MISC |
google — android | In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233645166References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20582 MISC |
google — android | In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in S-EL1 with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234859169References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20583 MISC |
google — android | In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238366009References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20584 MISC |
google — android | In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238716781References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20585 MISC |
google — android | In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238718854References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20586 MISC |
google — android | In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238720411References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20587 MISC |
google — android | In sysmmu_map of sysmmu.c, there is a possible EoP due to a precondition check failure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238785915References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20588 MISC |
google — android | In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238841928References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20589 MISC |
google — android | In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238932493References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20590 MISC |
google — android | In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238939706References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20591 MISC |
google — android | In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238976908References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20592 MISC |
google — android | In pop_descriptor_string of BufferDescriptor.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415809References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20593 MISC |
google — android | In updateStart of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239567689References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20594 MISC |
google — android | In getWpcAuthChallengeResponse of WirelessCharger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700137References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20595 MISC |
google — android | In sendChunk of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700400References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20596 MISC |
google — android | In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243480506References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20597 MISC |
google — android | In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20598 MISC |
google — android | In Pixel firmware, there is a possible exposure of sensitive memory due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332706References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20599 MISC |
google — android | In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239847859References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20600 MISC |
google — android | Product: AndroidVersions: Android kernelAndroid ID: A-204541506References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20601 MISC |
google — android | Product: AndroidVersions: Android kernelAndroid ID: A-211081867References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20602 MISC |
google — android | In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219265339References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20603 MISC |
google — android | In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-230463606References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20604 MISC |
google — android | In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231722405References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20605 MISC |
google — android | In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233230674References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20606 MISC |
google — android | In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238914868References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20607 MISC |
google — android | In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239239246References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20608 MISC |
google — android | In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239240808References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20609 MISC |
google — android | In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with LTE authentication needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240462530References: N/A | 2022-12-16 | not yet calculated | CVE-2022-20610 MISC |
qualcomm — snapdragon | Memory corruption in Core due to improper configuration in boot remapper. | 2022-12-15 | not yet calculated | CVE-2022-22063 MISC |
codex-team — editor.js | Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0. | 2022-12-15 | not yet calculated | CVE-2022-23474 MISC MISC |
bigbluebutton — bigbluebutton |
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers’ webcams, even when the lock setting is applied. (The required streamId was being sent to all users even with lock setting applied). This issue is fixed in version 2.4-rc-6. There are no workarounds. | 2022-12-17 | not yet calculated | CVE-2022-23488 MISC MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds. | 2022-12-16 | not yet calculated | CVE-2022-23490 MISC MISC |
informalsystems — tendermint-rs | Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes). The light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from an untrusted chain that satisfies all other verification conditions (e.g. enough overlapping validator signatures) could fool a light client. The attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks. This issue is patched in version 0.28.0. There are no workarounds. | 2022-12-15 | not yet calculated | CVE-2022-23507 MISC |
flavorjones — loofah | Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. | 2022-12-14 | not yet calculated | CVE-2022-23514 MISC MISC |
flavorjones — loofah |
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1. | 2022-12-14 | not yet calculated | CVE-2022-23515 MISC MISC MISC |
flavorjones — loofah | Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized. | 2022-12-14 | not yet calculated | CVE-2022-23516 MISC |
helm — helm |
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won’t create large arrays causing significant memory usage before passing them to the _strvals_ functions. | 2022-12-15 | not yet calculated | CVE-2022-23524 MISC |
helm — helm | Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions. | 2022-12-15 | not yet calculated | CVE-2022-23525 MISC MISC |
helm — helm | Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions. | 2022-12-15 | not yet calculated | CVE-2022-23526 MISC MISC |
datadog — guarddog | GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive() from a potentially malicious tarball without validating that the destination file path is within the intended destination directory can cause files outside the destination directory to be overwritten. This issue is patched in version 0.1.8. Potential workarounds include using a safer module, like zipfile, and validating the location of the extracted files and discarding those with malicious paths. | 2022-12-16 | not yet calculated | CVE-2022-23530 MISC MISC MISC |
datadog — guarddog | GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5. | 2022-12-17 | not yet calculated | CVE-2022-23531 MISC MISC MISC |
wordpress — wordpress | The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the ‘tp_translation’ AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461. Notes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the “Who can translate” setting under the “Settings” tab. However, this option is largely ignored, if Transposh has enabled its “autotranslate” feature (it’s enabled by default) and the HTTP POST parameter “sr0” is larger than 0. This is caused by a faulty validation in “wp/transposh_db.php.” | 2022-12-15 | not yet calculated | CVE-2022-2536 MISC MISC MISC MISC MISC MISC MISC |
broadcom — symantec_identity_governance_and_administration | An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session. | 2022-12-16 | not yet calculated | CVE-2022-25626 MISC |
broadcom — symantec_identity_governance_and_administration | An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4 | 2022-12-16 | not yet calculated | CVE-2022-25627 MISC |
broadcom — symantec_identity_governance_and_administration | An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 | 2022-12-16 | not yet calculated | CVE-2022-25628 MISC |
cyshield — multiple_products | PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root privileged attackers to install an unsigned application by copying the APK to /data/app, setting the appropriate permissions and rebooting the device. | 2022-12-16 | not yet calculated | CVE-2022-26579 MISC |
cyshield — multiple_products | PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 was discovered to be vulnerable to command injection. | 2022-12-16 | not yet calculated | CVE-2022-26580 MISC |
cyshield — multiple_products | The ADB daemon in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows the execution of the systool utility in production mode, allowing unauthenticated attackers to perform privileged actions. | 2022-12-16 | not yet calculated | CVE-2022-26581 MISC |
cyshield — multiple_products | The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to to arbitrary command execution as root. | 2022-12-16 | not yet calculated | CVE-2022-26582 MISC |
lansweeper — lansweeper | A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-27498 MISC |
lansweeper — lansweeper |
A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-28703 MISC |
altair — hyperview_player |
Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption. | 2022-12-13 | not yet calculated | CVE-2022-2950 MISC |
altair — hyperview_player |
Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of array index vulnerability during processing of H3D files. A DWORD value from a PoC file is extracted and used as an index to write to a buffer, leading to memory corruption. | 2022-12-13 | not yet calculated | CVE-2022-2951 MISC |
lansweeper — lansweeper | A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-29511 MISC |
lansweeper — lansweeper | A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-29517 MISC |
delta_electronics — dopsoft | Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions. | 2022-12-16 | not yet calculated | CVE-2022-2966 MISC |
ffmpeg — ffmpeg | An issue was discovered in the FFmpeg through 3.0. vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause the null pointer dereference, impacting confidentiality and availability. | 2022-12-16 | not yet calculated | CVE-2022-3109 MISC MISC |
rockwell_automation — multiple_logix_controllers |
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). | 2022-12-16 | not yet calculated | CVE-2022-3157 MISC |
rockwell_automation — multiple_products | Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device | 2022-12-16 | not yet calculated | CVE-2022-3166 MISC |
vmware — multiple_products |
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | 2022-12-14 | not yet calculated | CVE-2022-31700 MISC |
vmware — multiple_products |
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | 2022-12-14 | not yet calculated | CVE-2022-31701 MISC |
vmware — multiple_products |
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | 2022-12-14 | not yet calculated | CVE-2022-31705 MISC |
vmware — vrealize_operations | vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | 2022-12-16 | not yet calculated | CVE-2022-31707 MISC |
vmware — vrealize_operations | vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. | 2022-12-16 | not yet calculated | CVE-2022-31708 MISC |
apache — bookkeeper_java_client |
The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1. | 2022-12-15 | not yet calculated | CVE-2022-32531 MISC |
lansweeper — lansweeper | A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-32573 MISC |
lansweeper — lansweeper | A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-32763 MISC |
apple — ios |
An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history. | 2022-12-15 | not yet calculated | CVE-2022-32833 MISC |
apple — multiple_products | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-32860 MISC MISC MISC |
apple — ios | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 16. An app may be able to disclose kernel memory. | 2022-12-15 | not yet calculated | CVE-2022-32916 MISC |
apple — multiple_products |
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-32942 MISC MISC MISC |
apple — multiple_products |
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication. | 2022-12-15 | not yet calculated | CVE-2022-32943 MISC MISC |
apple — macos_ventura | An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods. | 2022-12-15 | not yet calculated | CVE-2022-32945 MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-32948 MISC MISC |
wordpress — wordpress | The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This makes it possible for unauthenticated attackers to trigger the deletion of ads via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2022-12-15 | not yet calculated | CVE-2022-3427 MISC MISC MISC |
emby_server — emby_server |
In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account. | 2022-12-16 | not yet calculated | CVE-2022-36223 MISC |
hp — multiple_products | A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability. | 2022-12-12 | not yet calculated | CVE-2022-37018 MISC |
jumpsec — mutiny | Mutiny 7.2.0-10788 suffers from Hardcoded root password. | 2022-12-16 | not yet calculated | CVE-2022-37832 MISC |
solarwinds — serv-u |
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | 2022-12-16 | not yet calculated | CVE-2022-38106 MISC MISC MISC |
logrocket — logrocket-oauth2-example | logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter. | 2022-12-14 | not yet calculated | CVE-2022-38488 MISC MISC MISC MISC MISC |
micro_focus — groupwise_web | A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies. | 2022-12-16 | not yet calculated | CVE-2022-38756 MISC |
motorola — mobility_motorola | Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data. | 2022-12-14 | not yet calculated | CVE-2022-3917 MISC |
wordpress — wordpress | The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim’s WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload. | 2022-12-12 | not yet calculated | CVE-2022-3989 MISC |
feehicms — feehicms | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page. | 2022-12-15 | not yet calculated | CVE-2022-40000 MISC |
feehicms — feehicms | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page. | 2022-12-15 | not yet calculated | CVE-2022-40001 MISC |
feehicms — feehicms | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify. | 2022-12-15 | not yet calculated | CVE-2022-40002 MISC |
things_board — things_board | Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log. | 2022-12-15 | not yet calculated | CVE-2022-40004 MISC |
feehicms — feehicms | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file. | 2022-12-15 | not yet calculated | CVE-2022-40373 MISC |
satellite_server — satellite_server | A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker’s server by modifying the Referer header in an HTTP request of specific resources in the server. | 2022-12-16 | not yet calculated | CVE-2022-4130 MISC |
netty — netty | Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. | 2022-12-12 | not yet calculated | CVE-2022-41881 MISC |
netty — netty | Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values. | 2022-12-13 | not yet calculated | CVE-2022-41915 MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim’s userId, meetingId, and an invalid authToken. This forces the victim to leave the conference, because the resulting verification failure is also observed and handled by the victim’s client. The attacker must be a participant in any meeting on the server. This issue is patched in version 2.4.3. There are no workarounds. | 2022-12-16 | not yet calculated | CVE-2022-41960 MISC MISC MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered users from the same extId. This issue has been fixed by improving permissions such that banning a user removes all users related to their extId, including registered users that have not joined the meeting. This issue is patched in versions 2.4-rc-6 and 2.5-alpha-1. There are no workarounds. | 2022-12-16 | not yet calculated | CVE-2022-41961 MISC MISC MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1There are no workarounds. | 2022-12-16 | not yet calculated | CVE-2022-41962 MISC MISC MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a meeting participant. This issue is patched in version 2.4.3 an version 2.5-alpha-1 | 2022-12-16 | not yet calculated | CVE-2022-41963 MISC MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds. | 2022-12-16 | not yet calculated | CVE-2022-41964 MISC MISC |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in this stack, which causes the implementation to dereference a NULL pointer and triggers undefined behavior. More specifically, while processing the L2CAP protocol, the implementation maps an incoming channel ID to its metadata structure. In this structure, state information regarding credits is managed through calls to the function input_l2cap_credit in the module os/net/mac/ble/ble-l2cap.c. Unfortunately, the input_l2cap_credit function does not check that the metadata corresponding to the user-supplied channel ID actually exists, which can lead to the channel variable being set to NULL before a pointer dereferencing operation is performed. The vulnerability has been patched in the “develop” branch of Contiki-NG, and will be included in release 4.9. Users can apply the patch in Contiki-NG pull request #2253 as a workaround until the new package is released. | 2022-12-16 | not yet calculated | CVE-2022-41972 MISC MISC |
poweriso — poweriso | A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability. | 2022-12-16 | not yet calculated | CVE-2022-41992 MISC |
pgadmin — pgadmin | The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server. | 2022-12-13 | not yet calculated | CVE-2022-4223 MISC FEDORA |
google — android | In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231403References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42501 MISC |
google — android | In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231970References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42502 MISC |
google — android | In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231983References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42503 MISC |
google — android | In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232209References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42504 MISC |
google — android | In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241232492References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42505 MISC |
google — android | In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388399References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42506 MISC |
google — android | In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388774References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42507 MISC |
google — android | In ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388966References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42508 MISC |
google — android | In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241544307References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42509 MISC |
google — android | In StringsRequestData::encode of requestdata.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762656References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42510 MISC |
google — android | In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241762712References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42511 MISC |
google — android | In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763050References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42512 MISC |
google — android | In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763204References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42513 MISC |
google — android | In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763298References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42514 MISC |
google — android | In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763503References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42515 MISC |
google — android | In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of protocolsimbuilderlegacy.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763577References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42516 MISC |
google — android | In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763682References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42517 MISC |
google — android | In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242536278References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42518 MISC |
google — android | In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242540694References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42519 MISC |
google — android | In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242994270References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42520 MISC |
google — android | In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130019References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42521 MISC |
google — android | In DoSetCarrierConfig of miscservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130038References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42522 MISC |
google — android | In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376893References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42523 MISC |
google — android | In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243401445References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42524 MISC |
google — android | In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509750References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42525 MISC |
google — android | In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509880References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42526 MISC |
google — android | In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244448906References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42527 MISC |
google — android | Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42529 MISC |
google — android | In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242331893References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42530 MISC |
google — android | In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231500967References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42531 MISC |
google — android | In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332610References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42532 MISC |
google — android | In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42534 MISC |
google — android | In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770183 | 2022-12-16 | not yet calculated | CVE-2022-42535 MISC |
google — android | In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184 | 2022-12-16 | not yet calculated | CVE-2022-42542 MISC |
google — android | In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-249998113References: N/A | 2022-12-16 | not yet calculated | CVE-2022-42543 MISC |
google — android | In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390 | 2022-12-16 | not yet calculated | CVE-2022-42544 MISC |
apple — multiple_products | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-42805 MISC MISC |
apple — multiple_products | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks. | 2022-12-15 | not yet calculated | CVE-2022-42821 MISC MISC MISC |
x.org — x.org | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 2022-12-14 | not yet calculated | CVE-2022-4283 MISC MISC FEDORA FEDORA |
apple — multiple_products | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution. | 2022-12-15 | not yet calculated | CVE-2022-42837 MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-42840 MISC MISC MISC MISC MISC |
apple — multiple_products | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2. Processing a maliciously crafted package may lead to arbitrary code execution. | 2022-12-15 | not yet calculated | CVE-2022-42841 MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution. | 2022-12-15 | not yet calculated | CVE-2022-42842 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information. | 2022-12-15 | not yet calculated | CVE-2022-42843 MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox. | 2022-12-15 | not yet calculated | CVE-2022-42844 MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-42845 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination. | 2022-12-15 | not yet calculated | CVE-2022-42846 MISC MISC |
apple — macos_ventura |
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-42847 MISC |
apple — multiple_products | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-42848 MISC MISC MISC |
apple — multiple_products | An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges. | 2022-12-15 | not yet calculated | CVE-2022-42849 MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-42850 MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2. Parsing a maliciously crafted TIFF file may lead to disclosure of user information. | 2022-12-15 | not yet calculated | CVE-2022-42851 MISC MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may result in the disclosure of process memory. | 2022-12-15 | not yet calculated | CVE-2022-42852 MISC MISC MISC MISC MISC MISC |
apple — macos_ventura | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system. | 2022-12-15 | not yet calculated | CVE-2022-42853 MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to disclose kernel memory. | 2022-12-15 | not yet calculated | CVE-2022-42854 MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to use arbitrary entitlements. | 2022-12-15 | not yet calculated | CVE-2022-42855 MISC MISC MISC MISC MISC |
apple — multiple_products | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. | 2022-12-15 | not yet calculated | CVE-2022-42856 MISC MISC MISC MISC MISC |
apple — multiple_products | Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences. | 2022-12-15 | not yet calculated | CVE-2022-42859 MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox. | 2022-12-15 | not yet calculated | CVE-2022-42861 MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences. | 2022-12-15 | not yet calculated | CVE-2022-42862 MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-12-15 | not yet calculated | CVE-2022-42863 MISC MISC MISC MISC MISC |
apple — multiple_products | A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-42864 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences. | 2022-12-15 | not yet calculated | CVE-2022-42865 MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to read sensitive location information. | 2022-12-15 | not yet calculated | CVE-2022-42866 MISC MISC MISC MISC |
apple — multiple_products | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-12-15 | not yet calculated | CVE-2022-42867 MISC MISC MISC MISC MISC |
trellix– endpoint_agent |
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality. | 2022-12-16 | not yet calculated | CVE-2022-4326 MISC |
beijing_zed-3 — voip_simpliclty_asg |
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) is vulnerable to Cross Site Scripting (XSS). | 2022-12-15 | not yet calculated | CVE-2022-44235 MISC |
beijing_zed-3 — voip_simpliclty_asg |
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-44236 MISC |
m0ver — bible-online | A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444. | 2022-12-13 | not yet calculated | CVE-2022-4454 MISC MISC |
sproctor — php-calendar | A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is recommended to apply a patch to fix this issue. The identifier VDB-215445 was assigned to this vulnerability. | 2022-12-13 | not yet calculated | CVE-2022-4455 MISC MISC |
falling-fruit — falling-fruit | A vulnerability has been found in falling-fruit and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. It is recommended to apply a patch to fix this issue. VDB-215446 is the identifier assigned to this vulnerability. | 2022-12-13 | not yet calculated | CVE-2022-4456 MISC MISC |
wordpress — wordpress | Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress. | 2022-12-15 | not yet calculated | CVE-2022-44588 MISC |
samsung — samsung_tv | The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button. This is fixed in xxx72510, E9172511 for 2021 models, xxxA1000, 4x2A0200 for 2022 models. | 2022-12-13 | not yet calculated | CVE-2022-44636 MISC MISC |
wordpress — wordpress | The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin’s settings. | 2022-12-14 | not yet calculated | CVE-2022-4501 MISC MISC |
codeprojects — expense_tracker | A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. | 2022-12-15 | not yet calculated | CVE-2022-45033 MISC |
rainygao — docsys | A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: ‘../filedir’. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851. | 2022-12-15 | not yet calculated | CVE-2022-4511 N/A N/A |
european_environment_agency — eionet.contreg | A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-4513 N/A N/A N/A |
opencaching_deutschland — oc-server3 |
A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Affected is an unknown function of the file htdocs/lang/de/ocstyle/varset.inc.php. The manipulation of the argument varvalue leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f. It is recommended to apply a patch to fix this issue. VDB-215886 is the identifier assigned to this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-4514 N/A N/A N/A |
wordpress — wordpress | The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2022-12-15 | not yet calculated | CVE-2022-4519 MISC MISC |
wso2 — carbon-registry |
A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. The manipulation of the argument mediaType/rightOp/leftOp/rightPropertyValue/leftPropertyValue leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215900. | 2022-12-15 | not yet calculated | CVE-2022-4520 N/A N/A N/A N/A |
wso2 — carbon-registry | A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.7. This affects an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile_menu leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.8.12 is able to address this issue. The name of the patch is 9f967abfde9317bee2cda469dbc09b57d539f2cc. It is recommended to upgrade the affected component. The identifier VDB-215901 was assigned to this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-4521 N/A N/A N/A N/A |
calendarxp — calendarxp | A vulnerability classified as problematic was found in CalendarXP up to 10.0.1. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 10.0.2 is able to address this issue. The name of the patch is e3715b2228ddefe00113296069969f9e184836da. It is recommended to upgrade the affected component. VDB-215902 is the identifier assigned to this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-4522 N/A N/A N/A |
vexim — vexim2 | A vulnerability, which was classified as problematic, has been found in vexim2. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 21c0a60d12e9d587f905cd084b2c70f9b1592065. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215903. | 2022-12-15 | not yet calculated | CVE-2022-4523 N/A N/A N/A |
roots — soil | A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.1.0. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904. | 2022-12-15 | not yet calculated | CVE-2022-4524 N/A N/A N/A N/A |
national_sleep_research_resource — sleepdata.org | A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 59.0.0.rc and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0 is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-4525 N/A N/A N/A |
django-photologue — django-photologue | A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.16 is able to address this issue. The name of the patch is 960cb060ce5e2964e6d716ff787c72fc18a371e7. It is recommended to apply a patch to fix this issue. VDB-215906 is the identifier assigned to this vulnerability. | 2022-12-15 | not yet calculated | CVE-2022-4526 N/A N/A N/A |
collective — collective.task | A vulnerability was found in collective.task up to 3.0.9. It has been classified as problematic. This affects the function renderCell/AssignedGroupColumn of the file src/collective/task/browser/table.py. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.0.10 is able to address this issue. The name of the patch is 1aac7f83fa2c2b41d59ba02748912953461f3fac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215907. | 2022-12-15 | not yet calculated | CVE-2022-4527 N/A N/A N/A |
exact_software — synergy_enterprise | An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file. | 2022-12-15 | not yet calculated | CVE-2022-45338 MISC |
siemens — teamcenter_and_jt2go | A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V13.3 (All versions >= V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.0 (All versions >= V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056) | 2022-12-13 | not yet calculated | CVE-2022-45484 CONFIRM |
wordpress — wordpress | The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities. | 2022-12-16 | not yet calculated | CVE-2022-4555 MISC MISC |
alinto — sogo | A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is efac49ae91a4a325df9931e78e543f707a0f8e5e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215960. | 2022-12-16 | not yet calculated | CVE-2022-4556 MISC MISC MISC |
alinto — sogo | A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. It is recommended to upgrade the affected component. The identifier VDB-215961 was assigned to this vulnerability. | 2022-12-16 | not yet calculated | CVE-2022-4558 MISC MISC MISC |
inex — ipx-manager | A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has been declared as problematic. This vulnerability affects unknown code of the file resources/views/customer/list.foil.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.3.0 is able to address this issue. The name of the patch is bc9b14c6f70cccdb89b559e8bc3a7318bfe9c243. It is recommended to upgrade the affected component. VDB-215962 is the identifier assigned to this vulnerability. | 2022-12-16 | not yet calculated | CVE-2022-4559 MISC MISC MISC |
joget — joget | A vulnerability was found in Joget up to 7.0.32. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 8.0-BETA is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963. | 2022-12-16 | not yet calculated | CVE-2022-4560 MISC MISC MISC |
wikimedia — semanticdrilldown_extension | A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/specials/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215964. | 2022-12-16 | not yet calculated | CVE-2022-4561 MISC MISC |
freedom_of_the_press — securedrop | A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972. | 2022-12-16 | not yet calculated | CVE-2022-4563 N/A N/A N/A |
university_of_central_florida — materia | A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.1-alpha1. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.2-alpha2 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability. | 2022-12-16 | not yet calculated | CVE-2022-4564 N/A N/A N/A N/A |
dromara — hutool | A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component. VDB-215974 is the identifier assigned to this vulnerability. | 2022-12-16 | not yet calculated | CVE-2022-4565 MISC MISC |
y_project — ruoyi | A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975. | 2022-12-16 | not yet calculated | CVE-2022-4566 MISC MISC MISC MISC |
openemr — openemr | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. | 2022-12-17 | not yet calculated | CVE-2022-4567 CONFIRM MISC |
ubi_reader — ubi_reader | A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireader_extract_files of the file ubireader/ubifs/output.py of the component UBIFS File Handler. The manipulation leads to path traversal. The attack may be launched remotely. Upgrading to version 0.8.5 is able to address this issue. The name of the patch is d5d68e6b1b9f7070c29df5f67fc060f579ae9139. It is recommended to upgrade the affected component. VDB-216146 is the identifier assigned to this vulnerability. | 2022-12-17 | not yet calculated | CVE-2022-4572 MISC MISC MISC MISC |
sharp — multifunction_printers | Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)’s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors. | 2022-12-16 | not yet calculated | CVE-2022-45796 MISC |
mind-map — mind-map | A vulnerability was found in 1j01 mind-map and classified as problematic. This issue affects some unknown processing of the file app.coffee. The manipulation of the argument html leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9617e6084dfeccd92079ab4d7f439300a4b24394. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216167. | 2022-12-17 | not yet calculated | CVE-2022-4581 N/A N/A |
starter-public-edition-4 — starter-public-edition-4 | A vulnerability was found in starter-public-edition-4 up to 4.6.10. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.6.11 is able to address this issue. The name of the patch is 2606983c20f6ea3430ac4b36b3d2e88aafef45da. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216168. | 2022-12-17 | not yet calculated | CVE-2022-4582 N/A N/A N/A |
jlems — jlems | A vulnerability was found in jLEMS. It has been declared as critical. Affected by this vulnerability is the function unpackJar of the file src/main/java/org/lemsml/jlems/io/util/JUtil.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 8c224637d7d561076364a9e3c2c375daeaf463dc. It is recommended to apply a patch to fix this issue. The identifier VDB-216169 was assigned to this vulnerability. | 2022-12-17 | not yet calculated | CVE-2022-4583 N/A N/A N/A |
axiomatic — bento4 | A vulnerability was found in Axiomatic Bento4. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability. | 2022-12-17 | not yet calculated | CVE-2022-4584 N/A N/A N/A |
opencaching_deutschland — oc-server3 | A vulnerability classified as problematic has been found in Opencaching Deutschland oc-server3. This affects an unknown part of the file htdocs/templates2/ocstyle/start.tpl of the component Cookie Handler. The manipulation of the argument usercountryCode leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is c720f2777a452186c67ef30db3679dd409556544. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216171. | 2022-12-17 | not yet calculated | CVE-2022-4585 N/A N/A N/A |
opencaching_deutschland — oc-server3 |
A vulnerability classified as problematic was found in Opencaching Deutschland oc-server3. This vulnerability affects unknown code of the file htdocs/templates2/ocstyle/cachelists.tpl of the component Cachelist Handler. The manipulation of the argument name_filter/by_filter leads to cross site scripting. The attack can be initiated remotely. The name of the patch is a9f79c7da78cd24a7ef1d298e6bc86006972ea73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216172. | 2022-12-17 | not yet calculated | CVE-2022-4586 N/A N/A N/A |
opencaching_deutschland — oc-server3 | A vulnerability, which was classified as problematic, has been found in Opencaching Deutschland oc-server3. This issue affects some unknown processing of the file htdocs/templates2/ocstyle/login.tpl of the component Login Page. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3296ebd61e7fe49e93b5755d5d7766d6e94a7667. It is recommended to apply a patch to fix this issue. The identifier VDB-216173 was assigned to this vulnerability. | 2022-12-17 | not yet calculated | CVE-2022-4587 N/A N/A N/A |
boston_sleep — slice | A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.2.0. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 85.0.0 is able to address this issue. The name of the patch is 6523bb17d889e2ab13d767f38afefdb37083f1d0. It is recommended to upgrade the affected component. VDB-216174 is the identifier assigned to this vulnerability. | 2022-12-17 | not yet calculated | CVE-2022-4588 N/A N/A N/A |
cyface — terms_and_conditions_module |
A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.10 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.11 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175. | 2022-12-17 | not yet calculated | CVE-2022-4589 N/A N/A N/A N/A |
mschaef — toto | A vulnerability was found in mschaef toto up to 1.4.20. It has been classified as problematic. This affects an unknown part of the component Todo List Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.21 is able to address this issue. The name of the patch is fdc825ac5249f40683377e8a526a06cdc6870125. It is recommended to upgrade the affected component. The identifier VDB-216177 was assigned to this vulnerability. | 2022-12-17 | not yet calculated | CVE-2022-4590 N/A N/A N/A |
mschaef — toto | A vulnerability was found in mschaef toto up to 1.4.20. It has been declared as problematic. This vulnerability affects unknown code of the component Email Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.4.21 is able to address this issue. The name of the patch is 1f27f37c1a06f54a76971f70eaa6139dc139bdf9. It is recommended to upgrade the affected component. VDB-216178 is the identifier assigned to this vulnerability. | 2022-12-17 | not yet calculated | CVE-2022-4591 N/A N/A N/A |
siemens — multiple_products | A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials. | 2022-12-13 | not yet calculated | CVE-2022-45937 CONFIRM |
alist — alist | Alist v3.4.0 is vulnerable to Directory Traversal, | 2022-12-15 | not yet calculated | CVE-2022-45969 MISC |
tenda — ac15 | Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState. | 2022-12-16 | not yet calculated | CVE-2022-46109 MISC |
aerocms — aerocms | In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server. | 2022-12-16 | not yet calculated | CVE-2022-46135 MISC |
aerocms — aerocms | AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1. | 2022-12-16 | not yet calculated | CVE-2022-46137 MISC |
siemens — scalance | Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system. | 2022-12-13 | not yet calculated | CVE-2022-46140 CONFIRM |
siemens — scalance | Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords. | 2022-12-13 | not yet calculated | CVE-2022-46142 CONFIRM |
siemens — scalance | Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data. | 2022-12-13 | not yet calculated | CVE-2022-46143 CONFIRM |
x.org — x.org | A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. | 2022-12-14 | not yet calculated | CVE-2022-46340 MISC MISC FEDORA FEDORA |
x.org — x.org | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 2022-12-14 | not yet calculated | CVE-2022-46341 MISC MISC FEDORA FEDORA |
x.org — x.org | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se | 2022-12-14 | not yet calculated | CVE-2022-46342 MISC MISC FEDORA FEDORA |
x.org — x.org | A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 2022-12-14 | not yet calculated | CVE-2022-46343 MISC MISC FEDORA FEDORA |
x.org — x.org | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. | 2022-12-14 | not yet calculated | CVE-2022-46344 MISC MISC FEDORA FEDORA |
mbed_tls — mbed_tls | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller. | 2022-12-15 | not yet calculated | CVE-2022-46392 MISC MISC |
mbed_tls — mbed_tls | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. | 2022-12-15 | not yet calculated | CVE-2022-46393 MISC MISC MISC |
atos — unify | A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system. | 2022-12-13 | not yet calculated | CVE-2022-46404 MISC MISC |
totolink — a7100ru | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. | 2022-12-15 | not yet calculated | CVE-2022-46631 MISC |
totolink — a7100ru | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. | 2022-12-15 | not yet calculated | CVE-2022-46634 MISC |
rockwell_automation — micrologix_controllers | Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website. | 2022-12-16 | not yet calculated | CVE-2022-46670 MISC |
apple — multiple_products | A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-46689 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-46690 MISC MISC MISC MISC |
apple — multiple_products | A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-12-15 | not yet calculated | CVE-2022-46691 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy. | 2022-12-15 | not yet calculated | CVE-2022-46692 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution. | 2022-12-15 | not yet calculated | CVE-2022-46693 MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution. | 2022-12-15 | not yet calculated | CVE-2022-46694 MISC MISC MISC MISC |
apple — multiple_products | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing. | 2022-12-15 | not yet calculated | CVE-2022-46695 MISC MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-12-15 | not yet calculated | CVE-2022-46696 MISC MISC MISC MISC MISC |
apple — macos | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-46697 MISC |
apple — ios_and_ipados | A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information. | 2022-12-15 | not yet calculated | CVE-2022-46698 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-12-15 | not yet calculated | CVE-2022-46699 MISC MISC MISC MISC MISC |
apple — multiple_products | A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 2022-12-15 | not yet calculated | CVE-2022-46700 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges. | 2022-12-15 | not yet calculated | CVE-2022-46701 MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory. | 2022-12-15 | not yet calculated | CVE-2022-46702 MISC |
zabbix — web_service_report_generation | Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files. | 2022-12-15 | not yet calculated | CVE-2022-46768 CONFIRM |
apache — zeppelin | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users’ browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin. | 2022-12-16 | not yet calculated | CVE-2022-46870 MISC |
netgear — nighthawk | The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. | 2022-12-16 | not yet calculated | CVE-2022-47208 MISC |
netgear — nighthawk | A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. | 2022-12-16 | not yet calculated | CVE-2022-47209 MISC |
netgear — nighthawk | The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. | 2022-12-16 | not yet calculated | CVE-2022-47210 MISC |
sick — sick_sim2000st | Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal). | 2022-12-16 | not yet calculated | CVE-2022-47377 MISC |
typo3 — typo3 | An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed. | 2022-12-14 | not yet calculated | CVE-2022-47406 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.