Weekly Vulnerabilities Reports > December 12 to 18, 2022

Overview

841 new vulnerabilities reported during this period, including 68 critical vulnerabilities and 361 high severity vulnerabilities. This weekly summary report vulnerabilities in 3810 products from 160 vendors including Google, Microsoft, Apple, Siemens, and Arubanetworks. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "SQL Injection", and "Improper Input Validation".

  • 495 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 240 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 406 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 179 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

68 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-12-18 CVE-2022-4607 TUM XXE vulnerability in TUM OGC web Feature Service

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0.

9.8
2022-12-18 CVE-2020-36617 ** DISPUTED ** A vulnerability was found in ewxrjk sftpserver.
9.8
2022-12-18 CVE-2022-4606 PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
9.8
2022-12-18 CVE-2021-4248 A vulnerability was found in kapetan dns up to 6.1.0.
9.8
2022-12-18 CVE-2022-4592 Crmx Project SQL Injection vulnerability in Crmx Project Crmx

A vulnerability was found in luckyshot CRMx and classified as critical.

9.8
2022-12-18 CVE-2022-4594 A vulnerability was found in drogatkin TJWS2.
9.8
2022-12-17 CVE-2021-4246 A vulnerability was found in roxlukas LMeve and classified as critical.
9.8
2022-12-16 CVE-2021-31650 Online Grading System Project SQL Injection vulnerability in Online Grading System Project Online Grading System 1.0

A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter.

9.8
2022-12-16 CVE-2021-38241 Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework.
9.8
2022-12-16 CVE-2022-37832 Mutiny 7.2.0-10788 suffers from Hardcoded root password.
9.8
2022-12-16 CVE-2022-4566 Ruoyi SQL Injection vulnerability in Ruoyi 4.7.5

A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5.

9.8
2022-12-16 CVE-2022-42529 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A

9.8
2022-12-16 CVE-2022-47377 Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method.
9.8
2022-12-15 CVE-2022-45969 Alist Project Path Traversal vulnerability in Alist Project Alist 3.4.0

Alist v3.4.0 is vulnerable to Directory Traversal,

9.8
2022-12-15 CVE-2022-46393 ARM
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.

9.8
2022-12-15 CVE-2022-46631 Totolink Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.

9.8
2022-12-15 CVE-2022-46634 Totolink Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.

9.8
2022-12-15 CVE-2021-4245 A vulnerability classified as problematic has been found in chbrown rfc6902.
9.8
2022-12-15 CVE-2021-33420 A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.
9.8
2022-12-15 CVE-2021-39426 Seacms Code Injection vulnerability in Seacms 11.4

An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.

9.8
2022-12-15 CVE-2021-4226 RSFirewall tries to identify the original IP address by looking at different HTTP headers.
9.8
2022-12-15 CVE-2022-42837 Apple Unspecified vulnerability in Apple products

An issue existed in the parsing of URLs.

9.8
2022-12-15 CVE-2022-42842 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

9.8
2022-12-15 CVE-2022-44236 ZED 3 Weak Password Requirements vulnerability in Zed-3 Voip Simplicity ASG 8.5.0.17807

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability.

9.8
2022-12-15 CVE-2022-44588 Unauth.
9.8
2022-12-14 CVE-2022-38488 logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter.
9.8
2022-12-14 CVE-2022-47406 An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3.
9.8
2022-12-14 CVE-2022-31702 Vmware Command Injection vulnerability in VMWare Vrealize Network Insight

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API.

9.8
2022-12-14 CVE-2022-46071 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page.

9.8
2022-12-14 CVE-2022-46072 Helmet Store Showroom Project SQL Injection vulnerability in Helmet Store Showroom Project Helmet Store Showroom 1.0

Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection.

9.8
2022-12-14 CVE-2022-46255 Github Path Traversal vulnerability in Github Enterprise Server 3.7.0

An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution.

9.8
2022-12-14 CVE-2022-44832 Dlink Command Injection vulnerability in Dlink Dir-3040 Firmware 120B03

D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.

9.8
2022-12-14 CVE-2022-46609 Python3 Restfulapi Project Unspecified vulnerability in Python3-Restfulapi Project Python3-Restfulapi

Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package.

9.8
2022-12-14 CVE-2022-46996 Vsphere Selfuse Project Unspecified vulnerability in Vsphere Selfuse Project Vsphere Selfuse 20190722

vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package.

9.8
2022-12-14 CVE-2022-46997 Passhunt Project Unspecified vulnerability in Passhunt Project Passhunt

Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package.

9.8
2022-12-14 CVE-2022-4493 A vulnerability classified as critical was found in scifio.
9.8
2022-12-14 CVE-2022-4494 A vulnerability, which was classified as critical, has been found in bspkrs MCPMappingViewer.
9.8
2022-12-14 CVE-2022-24377 The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.
9.8
2022-12-13 CVE-2022-41653 Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system.
9.8
2022-12-13 CVE-2022-46404 Atos Command Injection vulnerability in Atos products

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.

9.8
2022-12-13 CVE-2022-45005 IP COM Command Injection vulnerability in Ip-Com EW9 Firmware 15.11.0.14(9732)

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.

9.8
2022-12-13 CVE-2022-4454 A vulnerability, which was classified as critical, has been found in m0ver bible-online.
9.8
2022-12-13 CVE-2022-27518 Unauthenticated remote arbitrary code execution
9.8
2022-12-13 CVE-2022-46364 A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8
2022-12-13 CVE-2022-20472 Google Out-of-bounds Read vulnerability in Google Android

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check.

9.8
2022-12-13 CVE-2022-20473 Google Out-of-bounds Read vulnerability in Google Android

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check.

9.8
2022-12-13 CVE-2022-43724 A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0).
9.8
2022-12-13 CVE-2022-46353 A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7).
9.8
2022-12-13 CVE-2022-4446 PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0.
9.8
2022-12-12 CVE-2022-3900 Boxystudio Deserialization of Untrusted Data vulnerability in Boxystudio Cooked 1.7.5.6

The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability.

9.8
2022-12-12 CVE-2022-3915 Wedevs SQL Injection vulnerability in Wedevs Dokan

The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

9.8
2022-12-12 CVE-2022-3921 Themographics Unrestricted Upload of File with Dangerous Type vulnerability in Themographics Listingo

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE

9.8
2022-12-12 CVE-2022-3982 Wpdevart Unrestricted Upload of File with Dangerous Type vulnerability in Wpdevart Booking Calendar

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE

9.8
2022-12-12 CVE-2022-4314 Ikus Soft Improper Privilege Management vulnerability in Ikus-Soft Rdiffweb

Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2.

9.8
2022-12-12 CVE-2021-3437 HP Unspecified vulnerability in HP Omen Gaming HUB and Omen Gaming HUB SDK

Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service.

9.8
2022-12-12 CVE-2021-3821 HP Unspecified vulnerability in HP Futuresmart 5

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs).

9.8
2022-12-12 CVE-2021-3919 HP Unspecified vulnerability in HP Command Center and Omen Gaming HUB

A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service.

9.8
2022-12-12 CVE-2021-3942 HP Link Following vulnerability in HP products

Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.

9.8
2022-12-12 CVE-2022-37897 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211).

9.8
2022-12-12 CVE-2022-37932 A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches.
9.8
2022-12-12 CVE-2022-38656 Hcltechsw Unspecified vulnerability in Hcltechsw HCL Commerce 9.1.8/9.1.9

HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes.

9.8
2022-12-12 CVE-2022-3485 IFM Weak Password Recovery Mechanism for Forgotten Password vulnerability in IFM Moneo Qha200 Firmware and Moneo Qha210 Firmware

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.

9.8
2022-12-12 CVE-2022-46682 Jenkins XXE vulnerability in Jenkins Plot

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

9.8
2022-12-15 CVE-2022-40004 Thingsboard Cross-site Scripting vulnerability in Thingsboard 3.4.1

Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log.

9.6
2022-12-13 CVE-2022-41271 SAP Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50.

9.4
2022-12-14 CVE-2022-47408 FP Newsletter Project Incorrect Authorization vulnerability in FP Newsletter Project FP Newsletter 1.2.0

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3.

9.1
2022-12-13 CVE-2022-2757 Kingspan Improper Authentication vulnerability in Kingspan Tms300 CS Firmware

Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.

9.1
2022-12-14 CVE-2022-31358 A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.
9.0

361 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-12-18 CVE-2022-4603 ** DISPUTED ** A vulnerability classified as problematic has been found in ppp.
8.8
2022-12-18 CVE-2022-4604 WP English WP Admin Project Cross-Site Request Forgery (CSRF) vulnerability in Wp-English-Wp-Admin Project Wp-English-Wp-Admin

A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1.

8.8
2022-12-18 CVE-2022-47514 An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.
8.8
2022-12-17 CVE-2022-4583 A vulnerability was found in jLEMS.
8.8
2022-12-17 CVE-2022-4584 Axiosys Heap-based Buffer Overflow vulnerability in Axiosys Bento4

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639.

8.8
2022-12-16 CVE-2022-47208 The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input.
8.8
2022-12-16 CVE-2022-47209 A support user exists on the device and appears to be a backdoor for Technical Support staff.
8.8
2022-12-16 CVE-2022-4564 UCF Cross-Site Request Forgery (CSRF) vulnerability in UCF Materia

A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0.

8.8
2022-12-16 CVE-2022-20607 Google Out-of-bounds Write vulnerability in Google Android

In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check.

8.8
2022-12-16 CVE-2022-20610 Google Out-of-bounds Read vulnerability in Google Android

In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check.

8.8
2022-12-16 CVE-2022-25628 Broadcom XXE vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4

An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4

8.8
2022-12-15 CVE-2020-20588 Ibarn Project Unrestricted Upload of File with Dangerous Type vulnerability in Ibarn Project Ibarn 1.5

File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php.

8.8
2022-12-15 CVE-2022-42856 Apple Type Confusion vulnerability in Apple products

A type confusion issue was addressed with improved state handling.

8.8
2022-12-15 CVE-2022-42861 Apple Unspecified vulnerability in Apple Macos 13.0

This issue was addressed with improved checks.

8.8
2022-12-15 CVE-2022-42863 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

8.8
2022-12-15 CVE-2022-42867 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

8.8
2022-12-15 CVE-2022-46691 Apple Out-of-bounds Write vulnerability in Apple products

A memory consumption issue was addressed with improved memory handling.

8.8
2022-12-15 CVE-2022-46696 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved input validation.

8.8
2022-12-15 CVE-2022-46699 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

8.8
2022-12-15 CVE-2022-46700 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved input validation.

8.8
2022-12-15 CVE-2022-29517 Lansweeper Path Traversal vulnerability in Lansweeper 10.1.1.0

A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0.

8.8
2022-12-15 CVE-2022-32573 Lansweeper Path Traversal vulnerability in Lansweeper 10.1.1.0

A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0.

8.8
2022-12-15 CVE-2022-4506 Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
8.8
2022-12-14 CVE-2022-46340 X ORG
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

A vulnerability was found in X.Org.

8.8
2022-12-14 CVE-2022-46341 X ORG
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

A vulnerability was found in X.Org.

8.8
2022-12-14 CVE-2022-46342 X ORG
Fedoraproject
Debian
Use After Free vulnerability in multiple products

A vulnerability was found in X.Org.

8.8
2022-12-14 CVE-2022-46343 X ORG
Fedoraproject
Debian
Use After Free vulnerability in multiple products

A vulnerability was found in X.Org.

8.8
2022-12-14 CVE-2022-46344 X ORG
Fedoraproject
Debian
Out-of-bounds Read vulnerability in multiple products

A vulnerability was found in X.Org.

8.8
2022-12-14 CVE-2022-46256 A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site.
8.8
2022-12-14 CVE-2022-46443 Bangresto Project SQL Injection vulnerability in Bangresto Project Bangresto 1.0

mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.

8.8
2022-12-14 CVE-2022-46074 Helmet Store Showroom Project Cross-Site Request Forgery (CSRF) vulnerability in Helmet Store Showroom Project Helmet Store Showroom 1.0

Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF).

8.8
2022-12-14 CVE-2022-34271 Apache Path Traversal vulnerability in Apache Atlas

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem.

8.8
2022-12-14 CVE-2022-23503 TYPO3 is an open source PHP based web content management system.
8.8
2022-12-14 CVE-2022-4436 Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2022-12-14 CVE-2022-4437 Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2022-12-14 CVE-2022-4438 Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
8.8
2022-12-14 CVE-2022-4439 Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
8.8
2022-12-14 CVE-2022-4440 Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2022-12-14 CVE-2022-37155 Spip Unspecified vulnerability in Spip

RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.

8.8
2022-12-14 CVE-2022-42139 Deltaww OS Command Injection vulnerability in Deltaww Dvw-W02W2-E2 Firmware 2.42

Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL.

8.8
2022-12-13 CVE-2022-41089 Microsoft Unspecified vulnerability in Microsoft .Net

.NET Framework Remote Code Execution Vulnerability.

8.8
2022-12-13 CVE-2022-44690 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8
2022-12-13 CVE-2022-44693 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8
2022-12-13 CVE-2022-20411 Google Out-of-bounds Write vulnerability in Google Android

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check.

8.8
2022-12-13 CVE-2022-20469 Google Out-of-bounds Write vulnerability in Google Android

In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check.

8.8
2022-12-13 CVE-2022-31696 Vmware Unspecified vulnerability in VMWare Esxi 6.5/6.7

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket.

8.8
2022-12-13 CVE-2022-4223 Fedoraproject Code Injection vulnerability in Fedoraproject Fedora 37

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore.

8.8
2022-12-13 CVE-2022-41264 SAP Code Injection vulnerability in SAP Basis

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker.

8.8
2022-12-13 CVE-2022-41267 SAP Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application.

8.8
2022-12-12 CVE-2022-42716 ARM Use After Free vulnerability in ARM products

An issue was discovered in the Arm Mali GPU Kernel Driver.

8.8
2022-12-12 CVE-2022-3359 Averta Deserialization of Untrusted Data vulnerability in Averta Shortcodes and Extra Features for Phlox Theme

The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.

8.8
2022-12-12 CVE-2022-3981 Icegram SQL Injection vulnerability in Icegram Email Subscribers & Newsletters

The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber

8.8
2022-12-12 CVE-2022-3989 Stylemixthemes Unrestricted Upload of File with Dangerous Type vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.

8.8
2022-12-12 CVE-2022-45043 Tenda Command Injection vulnerability in Tenda Ax12 Firmware 22.03.01.16Cn

Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.

8.8
2022-12-12 CVE-2022-45977 Tenda Command Injection vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn

Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.

8.8
2022-12-12 CVE-2022-45980 Tenda Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .

8.8
2022-12-12 CVE-2022-45968 Alist Project Unrestricted Upload of File with Dangerous Type vulnerability in Alist Project Alist 3.4.0

Alist v3.4.0 is vulnerable to File Upload.

8.8
2022-12-12 CVE-2022-37903 Arubanetworks Out-of-bounds Write vulnerability in Arubanetworks Arubaos 10.3.0.0

A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface.

8.8
2022-12-12 CVE-2022-37904 Arubanetworks Code Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence.

8.8
2022-12-12 CVE-2022-37905 Arubanetworks Code Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence.

8.8
2022-12-12 CVE-2022-37912 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

8.8
2022-12-12 CVE-2022-43542 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

8.8
2022-12-12 CVE-2022-20689 Cisco Improper Input Validation vulnerability in Cisco products

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device.

8.8
2022-12-12 CVE-2022-20690 Cisco Improper Input Validation vulnerability in Cisco products

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device.

8.8
2022-12-12 CVE-2022-20968 Cisco Out-of-bounds Write vulnerability in Cisco products

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.

8.8
2022-12-12 CVE-2022-3641 Devolutions Unspecified vulnerability in Devolutions Remote Desktop Manager

Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account.

8.8
2022-12-12 CVE-2022-41296 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM DB2 and DB2 Warehouse

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

8.8
2022-12-12 CVE-2022-4416 Mxsdoc Project SQL Injection vulnerability in Mxsdoc Project Mxsdoc

A vulnerability was found in RainyGao DocSys.

8.8
2022-12-12 CVE-2022-45759 Sens Project Unrestricted Upload of File with Dangerous Type vulnerability in Sens Project Sens

SENS v1.0 has a file upload vulnerability.

8.8
2022-12-12 CVE-2022-45760 Sens Project Incorrect Authorization vulnerability in Sens Project Sens

SENS v1.0 is vulnerable to Incorrect Access Control vulnerability.

8.8
2022-12-15 CVE-2022-42844 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved memory handling.

8.6
2022-12-14 CVE-2022-2601 GNU
Redhat
Fedoraproject
Heap-based Buffer Overflow vulnerability in multiple products

A buffer overflow was found in grub_font_construct_glyph().

8.6
2022-12-13 CVE-2022-41272 SAP Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system.

8.6
2022-12-13 CVE-2022-41076 Microsoft Unspecified vulnerability in Microsoft products

PowerShell Remote Code Execution Vulnerability.

8.5
2022-12-13 CVE-2022-41127 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 Business Central and Dynamics NAV

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

8.5
2022-12-13 CVE-2022-41562 Tibco Cross-site Scripting vulnerability in Tibco Jasperreports Server 8.1.0

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system.

8.4
2022-12-13 CVE-2022-20444 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 11.0/12.0

In several functions of inputDispatcher.cpp, there is a possible way to make toasts clickable due to a tapjacking/overlay attack.

8.4
2022-12-12 CVE-2021-3661 HP Unspecified vulnerability in HP products

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution.

8.4
2022-12-12 CVE-2022-37018 A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution.
8.4
2022-12-13 CVE-2022-44708 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.
8.3
2022-12-14 CVE-2022-31705 Vmware Out-of-bounds Write vulnerability in VMWare Esxi 7.0/8.0

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI).

8.2
2022-12-17 CVE-2022-4567 Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
8.1
2022-12-14 CVE-2022-23512 MeterSphere is a one-stop open source continuous testing platform.
8.1
2022-12-13 CVE-2022-44670 Microsoft Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

8.1
2022-12-13 CVE-2022-44676 Microsoft Race Condition vulnerability in Microsoft products

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

8.1
2022-12-13 CVE-2022-33268 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP.

8.1
2022-12-13 CVE-2022-45936 A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0).
8.1
2022-12-13 CVE-2022-46664 Siemens Improper Access Control vulnerability in Siemens Mendix Workflow Commons

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2).

8.1
2022-12-12 CVE-2022-3999 Dpdgroup Missing Authorization vulnerability in Dpdgroup Woocommerce Shipping

The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable.

8.1
2022-12-12 CVE-2022-37906 Arubanetworks Path Traversal vulnerability in Arubanetworks Arubaos and Sd-Wan

An authenticated path traversal vulnerability exists in the ArubaOS command line interface.

8.1
2022-12-13 CVE-2022-4098 WUT Authentication Bypass by Spoofing vulnerability in WUT products

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing.

8.0
2022-12-18 CVE-2022-47518 Linux
Debian
Netapp
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.0.11.

7.8
2022-12-18 CVE-2022-47519 Linux
Debian
Netapp
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.0.11.

7.8
2022-12-18 CVE-2022-47521 Linux
Debian
Netapp
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.0.11.

7.8
2022-12-17 CVE-2022-23531 GuardDog is a CLI tool to identify malicious PyPI packages.
7.8
2022-12-16 CVE-2022-26582 Paxtechnology OS Command Injection vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419

The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to to arbitrary command execution as root.

7.8
2022-12-16 CVE-2022-47210 The default console presented to users over telnet (when enabled) is restricted to a subset of commands.
7.8
2022-12-16 CVE-2022-41992 Poweriso Out-of-bounds Write vulnerability in Poweriso 8.3

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3.

7.8
2022-12-16 CVE-2022-4563 A vulnerability was found in Freedom of the Press SecureDrop.
7.8
2022-12-16 CVE-2022-20503 Google Missing Authorization vulnerability in Google Android 13.0

In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check.

7.8
2022-12-16 CVE-2022-20506 Google Missing Authorization vulnerability in Google Android 13.0

In onCreate of WifiDialogActivity.java, there is a missing permission check.

7.8
2022-12-16 CVE-2022-20507 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 13.0

In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check.

7.8
2022-12-16 CVE-2022-20508 Google Missing Authorization vulnerability in Google Android 13.0

In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass.

7.8
2022-12-16 CVE-2022-20512 Google Improper Input Validation vulnerability in Google Android 13.0

In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation.

7.8
2022-12-16 CVE-2022-20520 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 13.0

In onCreate of various files, there is a possible tapjacking/overlay attack.

7.8
2022-12-16 CVE-2022-20522 Google Missing Authorization vulnerability in Google Android 13.0

In getSlice of ProviderModelSlice.java, there is a missing permission check.

7.8
2022-12-16 CVE-2022-20524 Google Use After Free vulnerability in Google Android 13.0

In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free.

7.8
2022-12-16 CVE-2022-20540 Google Use After Free vulnerability in Google Android 13.0

In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free.

7.8
2022-12-16 CVE-2022-20547 Google Unspecified vulnerability in Google Android 13.0

In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check.

7.8
2022-12-16 CVE-2022-20548 Google Out-of-bounds Write vulnerability in Google Android 13.0

In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation.

7.8
2022-12-16 CVE-2022-20550 Google Unspecified vulnerability in Google Android 13.0

In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy.

7.8
2022-12-16 CVE-2022-20561 Google Use After Free vulnerability in Google Android

In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free.

7.8
2022-12-16 CVE-2022-20566 Google Improper Locking vulnerability in Google Android

In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking.

7.8
2022-12-16 CVE-2022-20568 Google Use After Free vulnerability in Google Android

In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free.

7.8
2022-12-16 CVE-2022-20582 Google Out-of-bounds Write vulnerability in Google Android

In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation.

7.8
2022-12-16 CVE-2022-20584 Google Improper Input Validation vulnerability in Google Android

In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation.

7.8
2022-12-16 CVE-2022-20585 Google Improper Input Validation vulnerability in Google Android

In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation.

7.8
2022-12-16 CVE-2022-20586 Google Improper Input Validation vulnerability in Google Android

In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation.

7.8
2022-12-16 CVE-2022-20587 Google Improper Input Validation vulnerability in Google Android

In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation.

7.8
2022-12-16 CVE-2022-20597 Google Integer Overflow or Wraparound vulnerability in Google Android

In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow.

7.8
2022-12-16 CVE-2022-20598 Google Integer Overflow or Wraparound vulnerability in Google Android

In sec_media_protect of media.c, there is a possible EoP due to an integer overflow.

7.8
2022-12-16 CVE-2022-20600 Google Unspecified vulnerability in Google Android

In TBD of TBD, there is a possible out of bounds write due to memory corruption.

7.8
2022-12-16 CVE-2022-42531 Google Allocation of Resources Without Limits or Throttling vulnerability in Google Android

In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation.

7.8
2022-12-16 CVE-2022-42534 Google Improper Input Validation vulnerability in Google Android

In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation.

7.8
2022-12-16 CVE-2022-42544 Google Improper Input Validation vulnerability in Google Android 13.0

In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation.

7.8
2022-12-15 CVE-2022-45338 Exactsoftware Unrestricted Upload of File with Dangerous Type vulnerability in Exactsoftware Exact Synergy 267/500

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.

7.8
2022-12-15 CVE-2022-22063 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in Core due to improper configuration in boot remapper.

7.8
2022-12-15 CVE-2022-32860 Apple Out-of-bounds Write vulnerability in Apple Iphone OS and Macos

An out-of-bounds write was addressed with improved input validation.

7.8
2022-12-15 CVE-2022-32942 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

7.8
2022-12-15 CVE-2022-32948 Apple Out-of-bounds Read vulnerability in Apple Iphone OS

An out-of-bounds read was addressed with improved bounds checking.

7.8
2022-12-15 CVE-2022-42805 Apple Integer Overflow or Wraparound vulnerability in Apple Iphone OS

An integer overflow was addressed with improved input validation.

7.8
2022-12-15 CVE-2022-42840 Apple Unspecified vulnerability in Apple Ipados, Iphone OS and Macos

The issue was addressed with improved memory handling.

7.8
2022-12-15 CVE-2022-42841 Apple Type Confusion vulnerability in Apple Macos

A type confusion issue was addressed with improved checks.

7.8
2022-12-15 CVE-2022-42847 Apple Out-of-bounds Write vulnerability in Apple Macos

An out-of-bounds write issue was addressed with improved input validation.

7.8
2022-12-15 CVE-2022-42848 Apple Unspecified vulnerability in Apple Ipados, Iphone OS and Tvos

A logic issue was addressed with improved checks.

7.8
2022-12-15 CVE-2022-42849 Apple Incorrect Authorization vulnerability in Apple products

An access issue existed with privileged API calls.

7.8
2022-12-15 CVE-2022-42850 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved memory handling.

7.8
2022-12-15 CVE-2022-46690 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved input validation.

7.8
2022-12-15 CVE-2022-46693 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved input validation.

7.8
2022-12-15 CVE-2022-46694 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved input validation.

7.8
2022-12-15 CVE-2022-46697 An out-of-bounds access issue was addressed with improved bounds checking.
7.8
2022-12-15 CVE-2022-46701 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

The issue was addressed with improved bounds checks.

7.8
2022-12-14 CVE-2022-4283 X ORG
Fedoraproject
Redhat
Debian
Use After Free vulnerability in multiple products

A vulnerability was found in X.Org.

7.8
2022-12-14 CVE-2022-44910 Quarkslab Out-of-bounds Write vulnerability in Quarkslab Binbloom 2.0

Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c.

7.8
2022-12-14 CVE-2022-44898 The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.
7.8
2022-12-13 CVE-2022-2947 Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer.
7.8
2022-12-13 CVE-2022-2949 Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files.
7.8
2022-12-13 CVE-2022-2950 Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files.
7.8
2022-12-13 CVE-2022-2951 Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of array index vulnerability during processing of H3D files.
7.8
2022-12-13 CVE-2022-26804 Microsoft Unspecified vulnerability in Microsoft 365 Apps

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-26805 Microsoft Unspecified vulnerability in Microsoft 365 Apps

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-26806 Microsoft Unspecified vulnerability in Microsoft 365 Apps

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-41077 Microsoft Unspecified vulnerability in Microsoft products

Windows Fax Compose Form Elevation of Privilege Vulnerability

7.8
2022-12-13 CVE-2022-41094 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Elevation of Privilege Vulnerability

7.8
2022-12-13 CVE-2022-41121 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability.

7.8
2022-12-13 CVE-2022-44666 Microsoft Unspecified vulnerability in Microsoft products

Windows Contacts Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-44667 Microsoft Unspecified vulnerability in Microsoft products

Windows Media Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-44668 Microsoft Unspecified vulnerability in Microsoft products

Windows Media Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-44671 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.8
2022-12-13 CVE-2022-44675 Microsoft Unspecified vulnerability in Microsoft products

Windows Bluetooth Driver Elevation of Privilege Vulnerability

7.8
2022-12-13 CVE-2022-44677 Microsoft Unspecified vulnerability in Microsoft products

Windows Projected File System Elevation of Privilege Vulnerability

7.8
2022-12-13 CVE-2022-44678 Microsoft Unspecified vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability

7.8
2022-12-13 CVE-2022-44680 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.8
2022-12-13 CVE-2022-44681 Microsoft Unspecified vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability

7.8
2022-12-13 CVE-2022-44683 Microsoft Use After Free vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2022-12-13 CVE-2022-44687 Microsoft Unspecified vulnerability in Microsoft RAW Image Extension

Raw Image Extension Remote Code Execution Vulnerability.

7.8
2022-12-13 CVE-2022-44689 Microsoft Unspecified vulnerability in Microsoft products

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability.

7.8
2022-12-13 CVE-2022-44691 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office OneNote Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-44692 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-44694 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Office

Microsoft Office Visio Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-44695 Microsoft Unspecified vulnerability in Microsoft 365 Apps, Office and Visio

Microsoft Office Visio Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-44696 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Office

Microsoft Office Visio Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-44697 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability

7.8
2022-12-13 CVE-2022-44702 Windows Terminal Remote Code Execution Vulnerability.
7.8
2022-12-13 CVE-2022-44704 Microsoft Windows Sysmon Elevation of Privilege Vulnerability.
7.8
2022-12-13 CVE-2022-44710 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 11 22H2

DirectX Graphics Kernel Elevation of Privilege Vulnerability

7.8
2022-12-13 CVE-2022-47211 Microsoft Unspecified vulnerability in Microsoft 365 Apps

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-47212 Microsoft Unspecified vulnerability in Microsoft 365 Apps

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2022-47213 Microsoft Unspecified vulnerability in Microsoft 365 Apps

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8
2022-12-13 CVE-2019-25078 A vulnerability classified as problematic was found in pacparser up to 1.3.x.
7.8
2022-12-13 CVE-2021-39617 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 11.0/12.0/12.1

In the user interface buttons of PermissionController, there is a possible way to bypass permissions dialogs due to a tapjacking/overlay attack.

7.8
2022-12-13 CVE-2022-20470 Google Improper Input Validation vulnerability in Google Android

In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation.

7.8
2022-12-13 CVE-2022-20474 Google Unspecified vulnerability in Google Android

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy.

7.8
2022-12-13 CVE-2022-20475 Google Unspecified vulnerability in Google Android

In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy.

7.8
2022-12-13 CVE-2022-20477 Google Unspecified vulnerability in Google Android 13.0

In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code.

7.8
2022-12-13 CVE-2022-20478 Google Resource Exhaustion vulnerability in Google Android

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2022-12-13 CVE-2022-20479 Google Resource Exhaustion vulnerability in Google Android

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2022-12-13 CVE-2022-20480 Google Resource Exhaustion vulnerability in Google Android

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2022-12-13 CVE-2022-20484 Google Resource Exhaustion vulnerability in Google Android

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2022-12-13 CVE-2022-20485 Google Resource Exhaustion vulnerability in Google Android

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2022-12-13 CVE-2022-20486 Google Resource Exhaustion vulnerability in Google Android

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2022-12-13 CVE-2022-20487 Google Resource Exhaustion vulnerability in Google Android

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2022-12-13 CVE-2022-20488 Google Resource Exhaustion vulnerability in Google Android

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2022-12-13 CVE-2022-20491 Google Resource Exhaustion vulnerability in Google Android

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion.

7.8
2022-12-13 CVE-2022-20495 Google Unspecified vulnerability in Google Android

In getEnabledAccessibilityServiceList of AccessibilityManager.java, there is a possible way to hide an accessibility service due to a logic error in the code.

7.8
2022-12-13 CVE-2022-20611 Google Incorrect Default Permissions vulnerability in Google Android

In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass.

7.8
2022-12-13 CVE-2022-25677 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

7.8
2022-12-13 CVE-2022-25681 Qualcomm Unspecified vulnerability in Qualcomm products

Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

7.8
2022-12-13 CVE-2022-25682 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2022-12-13 CVE-2022-25695 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2022-12-13 CVE-2022-25697 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables

7.8
2022-12-13 CVE-2022-25698 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables

7.8
2022-12-13 CVE-2022-25711 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.8
2022-12-13 CVE-2022-25712 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in camera due to buffer copy without checking size of input in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables

7.8
2022-12-13 CVE-2022-41281 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

7.8
2022-12-13 CVE-2022-41282 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

7.8
2022-12-13 CVE-2022-41283 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

7.8
2022-12-13 CVE-2022-41284 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

7.8
2022-12-13 CVE-2022-41285 Siemens Use After Free vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

7.8
2022-12-13 CVE-2022-41286 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

7.8
2022-12-13 CVE-2022-43517 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Star-Ccm+

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions).

7.8
2022-12-13 CVE-2022-43722 A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0).
7.8
2022-12-13 CVE-2022-46345 Siemens Out-of-bounds Write vulnerability in Siemens Parasolid

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2022-12-13 CVE-2022-46346 Siemens Out-of-bounds Write vulnerability in Siemens Parasolid

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2022-12-13 CVE-2022-46347 Siemens Out-of-bounds Write vulnerability in Siemens Parasolid

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2022-12-13 CVE-2022-46348 Siemens Out-of-bounds Write vulnerability in Siemens Parasolid

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2022-12-13 CVE-2022-46349 Siemens Out-of-bounds Read vulnerability in Siemens Parasolid

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2).

7.8
2022-12-13 CVE-2021-32415 EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates.
7.8
2022-12-13 CVE-2022-29580 There exists a path traversal vulnerability in the Android Google Search app.
7.8
2022-12-12 CVE-2022-3605 WP CSV Exporter Project Improper Neutralization of Formula Elements in a CSV File vulnerability in WP CSV Exporter Project WP CSV Exporter

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.

7.8
2022-12-12 CVE-2022-1038 HP Unspecified vulnerability in HP Jumpstart

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege.

7.8
2022-12-12 CVE-2022-38395 HP Uncontrolled Search Path Element vulnerability in HP Support Assistant 8.1.40.3/8.7.50/8.7.50.3

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool.

7.8
2022-12-12 CVE-2022-44649 Trendmicro Out-of-bounds Write vulnerability in Trendmicro Apex ONE 14.0.10349/2019

An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations.

7.8
2022-12-12 CVE-2022-44650 Trendmicro Out-of-bounds Write vulnerability in Trendmicro Apex ONE 14.0.10349/2019

A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations.

7.8
2022-12-12 CVE-2022-44652 Trendmicro Improper Handling of Exceptional Conditions vulnerability in Trendmicro Apex ONE 14.0.10349/2019

An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations.

7.8
2022-12-12 CVE-2022-44653 Trendmicro Path Traversal vulnerability in Trendmicro Apex ONE 14.0.10349/2019

A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations.

7.8
2022-12-18 CVE-2021-4250 A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.2.
7.5
2022-12-18 CVE-2021-4249 A vulnerability was found in xml-conduit.
7.5
2022-12-18 CVE-2021-4247 A vulnerability has been found in OWASP NodeGoat and classified as problematic.
7.5
2022-12-18 CVE-2022-47515 An issue was discovered in drachtio-server before 0.8.20.
7.5
2022-12-18 CVE-2022-47516 Drachtio Reachable Assertion vulnerability in Drachtio Drachtio-Server

An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20.

7.5
2022-12-18 CVE-2022-47517 An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19.
7.5
2022-12-17 CVE-2022-23488 Bigbluebutton Exposure of Resource to Wrong Sphere vulnerability in Bigbluebutton 2.4

BigBlueButton is an open source web conferencing system.

7.5
2022-12-16 CVE-2022-3157 A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
7.5
2022-12-16 CVE-2022-2966 Deltaww Out-of-bounds Read vulnerability in Deltaww Dopsoft

Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions.

7.5
2022-12-16 CVE-2022-3166 Rockwellautomation Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition.

7.5
2022-12-16 CVE-2022-4565 A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10.
7.5
2022-12-16 CVE-2022-46109 Tenda Out-of-bounds Write vulnerability in Tenda Ac10 Firmware 15.03.06.23

Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.

7.5
2022-12-16 CVE-2021-35252 Common encryption key appears to be used across all deployed instances of Serv-U FTP Server.
7.5
2022-12-16 CVE-2022-20516 Google Integer Overflow or Wraparound vulnerability in Google Android 13.0

In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow.

7.5
2022-12-16 CVE-2022-20545 Google Improper Input Validation vulnerability in Google Android 13.0

In bindArtworkAndColors of MediaControlPanel.java, there is a possible way to crash the phone due to improper input validation.

7.5
2022-12-16 CVE-2022-20560 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A

7.5
2022-12-16 CVE-2022-20601 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-204541506References: N/A

7.5
2022-12-16 CVE-2022-20602 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-211081867References: N/A

7.5
2022-12-16 CVE-2022-20605 Google Out-of-bounds Read vulnerability in Google Android

In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible out of bounds read due to an incorrect bounds check.

7.5
2022-12-16 CVE-2022-42524 Google Out-of-bounds Read vulnerability in Google Android

In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check.

7.5
2022-12-16 CVE-2022-42527 Google Unspecified vulnerability in Google Android

In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check.

7.5
2022-12-16 CVE-2022-46137 Aerocms Project Path Traversal vulnerability in Aerocms Project Aerocms 0.0.1

AeroCMS v0.0.1 is vulnerable to Directory Traversal.

7.5
2022-12-16 CVE-2022-3109 Ffmpeg NULL Pointer Dereference vulnerability in Ffmpeg

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.

7.5
2022-12-15 CVE-2022-4511 Docsys Project Path Traversal vulnerability in Docsys Project Docsys

A vulnerability has been found in RainyGao DocSys and classified as critical.

7.5
2022-12-15 CVE-2022-23524 Helm is a tool for managing Charts, pre-configured Kubernetes resources.
7.5
2022-12-15 CVE-2022-23525 Helm is a tool for managing Charts, pre-configured Kubernetes resources.
7.5
2022-12-15 CVE-2022-23526 Helm is a tool for managing Charts, pre-configured Kubernetes resources.
7.5
2022-12-15 CVE-2022-2536 Transposh Improper Authorization vulnerability in Transposh Wordpress Translation

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1.

7.5
2022-12-15 CVE-2022-4504 Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
7.5
2022-12-14 CVE-2022-47409 FP Newsletter Project Unspecified vulnerability in FP Newsletter Project FP Newsletter 1.2.0

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3.

7.5
2022-12-14 CVE-2022-47410 FP Newsletter Project Exposure of Resource to Wrong Sphere vulnerability in FP Newsletter Project FP Newsletter 1.2.0

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3.

7.5
2022-12-14 CVE-2022-47411 FP Newsletter Project Exposure of Resource to Wrong Sphere vulnerability in FP Newsletter Project FP Newsletter 1.2.0

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3.

7.5
2022-12-14 CVE-2022-31703 Vmware Path Traversal vulnerability in VMWare Vrealize LOG Insight

The vRealize Log Insight contains a Directory Traversal Vulnerability.

7.5
2022-12-14 CVE-2022-23517 rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.
7.5
2022-12-14 CVE-2022-23514 Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.
7.5
2022-12-14 CVE-2022-23516 Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.
7.5
2022-12-14 CVE-2022-23500 TYPO3 is an open source PHP based web content management system.
7.5
2022-12-13 CVE-2022-2660 Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine.
7.5
2022-12-13 CVE-2022-4171 The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0.
7.5
2022-12-13 CVE-2022-44713 Microsoft Unspecified vulnerability in Microsoft Office and Office Long Term Servicing Channel

Microsoft Outlook for Mac Spoofing Vulnerability

7.5
2022-12-13 CVE-2021-40365 Siemens Improper Input Validation vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.

7.5
2022-12-13 CVE-2021-44693 Siemens Improper Validation of Specified Quantity in Input vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.

7.5
2022-12-13 CVE-2021-44694 Siemens Improper Validation of Specified Type of Input vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.

7.5
2022-12-13 CVE-2021-44695 Siemens Improper Validation of Syntactic Correctness of Input vulnerability in Siemens products

A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.

7.5
2022-12-13 CVE-2022-20483 Google Integer Overflow or Wraparound vulnerability in Google Android

In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows.

7.5
2022-12-13 CVE-2022-25672 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile

7.5
2022-12-13 CVE-2022-25673 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile

7.5
2022-12-13 CVE-2022-25685 Qualcomm Incorrect Authorization vulnerability in Qualcomm products

Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.5
2022-12-13 CVE-2022-25689 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Denial of service in Modem due to reachable assertion in Snapdragon Mobile

7.5
2022-12-13 CVE-2022-25691 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Denial of service in Modem due to reachable assertion while processing SIB1 with invalid SCS and bandwidth settings in Snapdragon Mobile

7.5
2022-12-13 CVE-2022-25692 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.5
2022-12-13 CVE-2022-25702 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.5
2022-12-13 CVE-2022-33235 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes.

7.5
2022-12-13 CVE-2022-33238 Qualcomm Infinite Loop vulnerability in Qualcomm products

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames.

7.5
2022-12-13 CVE-2022-3996 If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively.
7.5
2022-12-13 CVE-2022-43723 A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06).
7.5
2022-12-13 CVE-2022-45044 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SA82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SD82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ81 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SJ82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SK82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7SL82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions), SIPROTEC 5 7UT82 devices (CPU variant CP150) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP200) (All versions), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions).

7.5
2022-12-13 CVE-2022-46352 A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7).
7.5
2022-12-13 CVE-2022-46355 A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7).
7.5
2022-12-13 CVE-2022-45685 Jettison Project
Debian
Out-of-bounds Write vulnerability in multiple products

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.

7.5
2022-12-13 CVE-2022-45688 Hutool
Json Java Project
Out-of-bounds Write vulnerability in multiple products

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

7.5
2022-12-13 CVE-2022-45689 Hutool Out-of-bounds Write vulnerability in Hutool 5.8.10

hutool-json v5.8.10 was discovered to contain an out of memory error.

7.5
2022-12-13 CVE-2022-45690 Hutool Out-of-bounds Write vulnerability in Hutool 5.8.10

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

7.5
2022-12-13 CVE-2022-45693 Jettison Project
Debian
Out-of-bounds Write vulnerability in multiple products

Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter.

7.5
2022-12-13 CVE-2022-45871 F Secure Unspecified vulnerability in F-Secure Atlant

A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing ICAP request.

7.5
2022-12-13 CVE-2022-46363 A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration.
7.5
2022-12-13 CVE-2022-23505 Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport.
7.5
2022-12-13 CVE-2022-41268 SAP Improper Privilege Management vulnerability in SAP Business Planning and Consolidation

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used.

7.5
2022-12-12 CVE-2022-45269 Gmaolinx Path Traversal vulnerability in Gmaolinx Linx Sphere 7.35.St15

A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.

7.5
2022-12-12 CVE-2022-3912 Wpeverest Unrestricted Upload of File with Dangerous Type vulnerability in Wpeverest User Registration

The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.

7.5
2022-12-12 CVE-2022-41881 Netty
Debian
Uncontrolled Recursion vulnerability in multiple products

Netty project is an event-driven asynchronous network application framework.

7.5
2022-12-12 CVE-2022-45957 ZTE Out-of-bounds Write vulnerability in ZTE Zxhn-H108Ns Firmware H108Nsv1.0.7Uzrdgr2A68

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.

7.5
2022-12-12 CVE-2022-45979 Tenda Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn

Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .

7.5
2022-12-12 CVE-2022-2794 HP Unspecified vulnerability in HP products

Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack.

7.5
2022-12-12 CVE-2022-37907 Arubanetworks Unspecified vulnerability in Arubanetworks Arubaos and Sd-Wan

A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system.

7.5
2022-12-12 CVE-2022-37919 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

A vulnerability exists in the API of Aruba EdgeConnect Enterprise.

7.5
2022-12-12 CVE-2022-3509 Google Unspecified vulnerability in Google Protobuf-Java and Protobuf-Javalite

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack.

7.5
2022-12-12 CVE-2022-3510 Google Unspecified vulnerability in Google Protobuf-Java and Protobuf-Javalite

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack.

7.5
2022-12-12 CVE-2022-43780 Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack.
7.5
2022-12-12 CVE-2022-44654 Trendmicro Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/2019

Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads.

7.5
2022-12-12 CVE-2022-25836 Bluetooth Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification

Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator.

7.5
2022-12-12 CVE-2022-25837 Bluetooth Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code.

7.5
2022-12-12 CVE-2022-45227 Dragino Files or Directories Accessible to External Parties vulnerability in Dragino Lg01 Lora Firmware 4.3.4

The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/.

7.5
2022-12-13 CVE-2022-20442 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0

In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a tapjacking/overlay attack.

7.3
2022-12-13 CVE-2022-20501 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android

In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack.

7.3
2022-12-12 CVE-2022-46908 Sqlite Unspecified vulnerability in Sqlite

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

7.3
2022-12-16 CVE-2022-20603 Google Out-of-bounds Write vulnerability in Google Android

In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possible out of bounds write due to a missing bounds check.

7.2
2022-12-16 CVE-2022-31707 Vmware Unspecified vulnerability in VMWare Vrealize Operations 8.10.0

vRealize Operations (vROps) contains a privilege escalation vulnerability.

7.2
2022-12-16 CVE-2022-45796 Sharp Command Injection vulnerability in Sharp products

Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors.

7.2
2022-12-16 CVE-2022-46135 Aerocms Project Unrestricted Upload of File with Dangerous Type vulnerability in Aerocms Project Aerocms 0.0.1

In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.

7.2
2022-12-15 CVE-2022-42845 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

7.2
2022-12-14 CVE-2022-23741 An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges.
7.2
2022-12-14 CVE-2022-31700 Vmware Unspecified vulnerability in VMWare Access, Cloud Foundation and Identity Manager

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability.

7.2
2022-12-14 CVE-2022-46117 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=.

7.2
2022-12-14 CVE-2022-46118 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=.

7.2
2022-12-14 CVE-2022-46119 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=.

7.2
2022-12-14 CVE-2022-46120 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=.

7.2
2022-12-14 CVE-2022-46121 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=.

7.2
2022-12-14 CVE-2022-46122 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=.

7.2
2022-12-14 CVE-2022-46123 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=.

7.2
2022-12-14 CVE-2022-46124 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=.

7.2
2022-12-14 CVE-2022-46125 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=.

7.2
2022-12-14 CVE-2022-46126 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=.

7.2
2022-12-14 CVE-2022-46127 Helmet Store Showroom Site Project SQL Injection vulnerability in Helmet Store Showroom Site Project Helmet Store Showroom Site 1.0

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.

7.2
2022-12-14 CVE-2022-42140 Deltaww OS Command Injection vulnerability in Deltaww Dx-2100-L1-Cn Firmware 1.5.0.10

Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose.

7.2
2022-12-13 CVE-2022-41561 Tibco Unspecified vulnerability in Tibco Jasperreports Server 8.1.0

The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system.

7.2
2022-12-13 CVE-2022-46051 Aerocms Project SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1

The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.

7.2
2022-12-12 CVE-2022-45275 Dynamic Transaction Queuing System Project Unrestricted Upload of File with Dangerous Type vulnerability in Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System 1.0

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

7.2
2022-12-12 CVE-2022-3925 Buddybadges Project SQL Injection vulnerability in Buddybadges Project Buddybadges

The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users

7.2
2022-12-12 CVE-2022-45996 Tenda Command Injection vulnerability in Tenda W20E Firmware 16.01.0.6(3392)

Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.

7.2
2022-12-12 CVE-2022-45997 Tenda Classic Buffer Overflow vulnerability in Tenda W20E Firmware 16.01.0.6(3392)

Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.

7.2
2022-12-12 CVE-2022-37898 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2022-12-12 CVE-2022-37899 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos 10.3.0.0

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2022-12-12 CVE-2022-37900 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos 10.3.0.0

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2022-12-12 CVE-2022-37901 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos 10.3.0.0

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2022-12-12 CVE-2022-37902 Arubanetworks Command Injection vulnerability in Arubanetworks Arubaos 10.3.0.0

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface.

7.2
2022-12-12 CVE-2022-37920 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

7.2
2022-12-12 CVE-2022-37921 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

7.2
2022-12-12 CVE-2022-37922 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

7.2
2022-12-12 CVE-2022-37923 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

7.2
2022-12-12 CVE-2022-37924 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

7.2
2022-12-12 CVE-2022-43541 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host.

7.2
2022-12-12 CVE-2022-44533 Arubanetworks Unspecified vulnerability in Arubanetworks Edgeconnect Enterprise

A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run arbitrary commands on the underlying host.

7.2
2022-12-18 CVE-2022-47520 Linux
Debian
Netapp
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.0.11.

7.1
2022-12-17 CVE-2022-4572 A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0.
7.1
2022-12-15 CVE-2022-42855 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

7.1
2022-12-14 CVE-2022-40264 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package file crafted by the attacker.
7.1
2022-12-12 CVE-2022-38661 Hcltechsw Unspecified vulnerability in Hcltechsw HCL Workload Automation

HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash.

7.1
2022-12-12 CVE-2022-45797 Trendmicro Unspecified vulnerability in Trendmicro Apex ONE 2019

An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations.

7.1
2022-12-15 CVE-2022-42864 Apple Race Condition vulnerability in Apple products

A race condition was addressed with improved state handling.

7.0
2022-12-15 CVE-2022-46689 Apple Race Condition vulnerability in Apple products

A race condition was addressed with additional validation.

7.0
2022-12-13 CVE-2022-44669 Microsoft Race Condition vulnerability in Microsoft products

Windows Error Reporting Elevation of Privilege Vulnerability

7.0
2022-12-13 CVE-2022-44673 Microsoft Unspecified vulnerability in Microsoft products

Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability

7.0
2022-12-13 CVE-2021-39660 Google Race Condition vulnerability in Google Android

In TBD of TBD, there is a possible way to archive arbitrary code execution in kernel due to a race condition.

7.0
2022-12-12 CVE-2022-44651 Trendmicro Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 14.0.10349/2019

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.

7.0

385 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-12-16 CVE-2022-26580 Paxtechnology OS Command Injection vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service.

6.8
2022-12-16 CVE-2022-26581 Paxtechnology Missing Authorization vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon.

6.8
2022-12-13 CVE-2022-24480 Microsoft Unspecified vulnerability in Microsoft Outlook

Outlook for Android Elevation of Privilege Vulnerability.

6.8
2022-12-13 CVE-2022-44682 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Denial of Service Vulnerability

6.8
2022-12-12 CVE-2022-23511 Amazon Improper Handling of Insufficient Privileges vulnerability in Amazon Cloudwatch Agent

A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354.

6.8
2022-12-16 CVE-2022-20504 Google Missing Authorization vulnerability in Google Android 13.0

In multiple locations of DreamManagerService.java, there is a missing permission check.

6.7
2022-12-16 CVE-2022-20505 Google Path Traversal vulnerability in Google Android 13.0

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error.

6.7
2022-12-16 CVE-2022-20509 Google Out-of-bounds Write vulnerability in Google Android 13.0

In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-20514 Google Use After Free vulnerability in Google Android 13.0

In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free.

6.7
2022-12-16 CVE-2022-20539 Google Out-of-bounds Write vulnerability in Google Android 13.0

In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-20546 Google Out-of-bounds Write vulnerability in Google Android 13.0

In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-20549 Google Out-of-bounds Write vulnerability in Google Android 13.0

In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check.

6.7
2022-12-16 CVE-2022-20554 Google Use After Free vulnerability in Google Android 13.0

In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free.

6.7
2022-12-16 CVE-2022-20557 Google Out-of-bounds Read vulnerability in Google Android 13.0

In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check.

6.7
2022-12-16 CVE-2022-20563 Google Out-of-bounds Read vulnerability in Google Android

In TBD of ufdt_convert, there is a possible out of bounds read due to memory corruption.

6.7
2022-12-16 CVE-2022-20564 Google Out-of-bounds Write vulnerability in Google Android

In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check.

6.7
2022-12-16 CVE-2022-20569 Google Improper Input Validation vulnerability in Google Android

In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a possible out of bounds write due to improper input validation.

6.7
2022-12-16 CVE-2022-20571 Google Use After Free vulnerability in Google Android

In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free.

6.7
2022-12-16 CVE-2022-20572 Google Incorrect Authorization vulnerability in Google Android

In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check.

6.7
2022-12-16 CVE-2022-20576 Google Out-of-bounds Write vulnerability in Google Android

In externalOnRequest of rilapplication.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-20577 Google Out-of-bounds Write vulnerability in Google Android

In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-20578 Google Out-of-bounds Write vulnerability in Google Android

In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption.

6.7
2022-12-16 CVE-2022-20579 Google Out-of-bounds Write vulnerability in Google Android

In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there is a possible stack clash leading to memory corruption.

6.7
2022-12-16 CVE-2022-20580 Google Out-of-bounds Write vulnerability in Google Android

In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bounds write due to an incorrect bounds check.

6.7
2022-12-16 CVE-2022-20581 Google Unspecified vulnerability in Google Android

In the Pixel camera driver, there is a possible use after free due to a logic error in the code.

6.7
2022-12-16 CVE-2022-20583 Google Out-of-bounds Write vulnerability in Google Android

In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation.

6.7
2022-12-16 CVE-2022-20588 Google Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android

In sysmmu_map of sysmmu.c, there is a possible EoP due to a precondition check failure.

6.7
2022-12-16 CVE-2022-20594 Google Out-of-bounds Write vulnerability in Google Android

In updateStart of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-20596 Google Out-of-bounds Write vulnerability in Google Android

In sendChunk of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-20599 Google Unspecified vulnerability in Google Android

In Pixel firmware, there is a possible exposure of sensitive memory due to a missing bounds check.

6.7
2022-12-16 CVE-2022-25627 Broadcom Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4

An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4

6.7
2022-12-16 CVE-2022-42501 Google Out-of-bounds Write vulnerability in Google Android

In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-42502 Google Out-of-bounds Write vulnerability in Google Android

In FacilityLock::Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-42503 Google Out-of-bounds Write vulnerability in Google Android

In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-42504 Google Out-of-bounds Write vulnerability in Google Android

In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check.

6.7
2022-12-16 CVE-2022-42505 Google Out-of-bounds Write vulnerability in Google Android

In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbuilder.cpp, there is a possible out of bounds write due to an incorrect bounds check.

6.7
2022-12-16 CVE-2022-42506 Google Out-of-bounds Write vulnerability in Google Android

In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-42507 Google Out-of-bounds Write vulnerability in Google Android

In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-42508 Google Out-of-bounds Write vulnerability in Google Android

In ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-42509 Google Out-of-bounds Write vulnerability in Google Android

In CallDialReqData::encode of callreqdata.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-42510 Google Out-of-bounds Read vulnerability in Google Android

In StringsRequestData::encode of requestdata.cpp, there is a possible out of bounds read due to improper input validation.

6.7
2022-12-16 CVE-2022-42511 Google Out-of-bounds Write vulnerability in Google Android

In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-42513 Google Out-of-bounds Write vulnerability in Google Android

In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-42518 Google Out-of-bounds Write vulnerability in Google Android

In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-42519 Google Out-of-bounds Write vulnerability in Google Android

In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption.

6.7
2022-12-16 CVE-2022-42520 Google Use After Free vulnerability in Google Android

In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free.

6.7
2022-12-16 CVE-2022-42521 Google Out-of-bounds Write vulnerability in Google Android

In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation.

6.7
2022-12-16 CVE-2022-42523 Google Out-of-bounds Write vulnerability in Google Android

In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check.

6.7
2022-12-16 CVE-2022-42525 Google Out-of-bounds Write vulnerability in Google Android

In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check.

6.7
2022-12-16 CVE-2022-42526 Google Out-of-bounds Write vulnerability in Google Android

In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-16 CVE-2022-42542 Google Out-of-bounds Write vulnerability in Google Android 13.0

In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check.

6.7
2022-12-13 CVE-2022-41115 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability.
6.6
2022-12-16 CVE-2022-23530 GuardDog is a CLI tool to identify malicious PyPI packages.
6.5
2022-12-16 CVE-2022-41972 Contiki NG NULL Pointer Dereference vulnerability in Contiki-Ng

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices.

6.5
2022-12-16 CVE-2022-20553 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 13.0

In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack.

6.5
2022-12-16 CVE-2022-42343 Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.
6.5
2022-12-16 CVE-2021-28655 Apache Improper Input Validation vulnerability in Apache Zeppelin

The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files.

6.5
2022-12-15 CVE-2022-23507 Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications.
6.5
2022-12-15 CVE-2022-3427 The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56.
6.5
2022-12-15 CVE-2022-42852 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

6.5
2022-12-15 CVE-2022-46695 Apple Improper Restriction of Rendered UI Layers or Frames vulnerability in Apple products

A spoofing issue existed in the handling of URLs.

6.5
2022-12-15 CVE-2022-46698 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved checks.

6.5
2022-12-15 CVE-2022-27498 Lansweeper Path Traversal vulnerability in Lansweeper 10.1.1.0

A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0.

6.5
2022-12-15 CVE-2022-29511 Lansweeper Path Traversal vulnerability in Lansweeper 10.1.1.0

A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0.

6.5
2022-12-14 CVE-2022-47407 Master Quiz Project Unspecified vulnerability in Master-Quiz Project Master-Quiz

An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3.

6.5
2022-12-14 CVE-2022-4501 Topdigitaltrends Missing Authorization vulnerability in Topdigitaltrends Mega Addons for Wpbakery Page Builder

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7.

6.5
2022-12-14 CVE-2022-23501 TYPO3 is an open source PHP based web content management system.
6.5
2022-12-14 CVE-2020-9420 Arcadyan Cleartext Transmission of Sensitive Information vulnerability in Arcadyan Vrv9506Jac23 Firmware

The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router.

6.5
2022-12-13 CVE-2022-44679 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Information Disclosure Vulnerability

6.5
2022-12-13 CVE-2022-44707 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Denial of Service Vulnerability

6.5
2022-12-13 CVE-2022-20468 Google Out-of-bounds Read vulnerability in Google Android

In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check.

6.5
2022-12-13 CVE-2022-27581 Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface.
6.5
2022-12-13 CVE-2022-45937 A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5).
6.5
2022-12-13 CVE-2022-46140 Siemens Use of a Broken or Risky Cryptographic Algorithm vulnerability in Siemens products

Affected devices use a weak encryption scheme to encrypt the debug zip file.

6.5
2022-12-13 CVE-2022-46144 Siemens Improper Control of a Resource Through its Lifetime vulnerability in Siemens products

A vulnerability has been identified in SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= 2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= 2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= 2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= 2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= 2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= 2.3 < V3.0).

6.5
2022-12-13 CVE-2022-46832 Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface.
6.5
2022-12-13 CVE-2022-46833 Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface.
6.5
2022-12-13 CVE-2022-46834 Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface.
6.5
2022-12-13 CVE-2022-46059 Aerocms Project Cross-Site Request Forgery (CSRF) vulnerability in Aerocms Project Aerocms 0.0.1

AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

6.5
2022-12-13 CVE-2022-38124 Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
6.5
2022-12-13 CVE-2022-41915 Netty
Debian
Interpretation Conflict vulnerability in multiple products

Netty project is an event-driven asynchronous network application framework.

6.5
2022-12-13 CVE-2022-41274 SAP Incorrect Authorization vulnerability in SAP Disclosure Management 10.1

SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data.

6.5
2022-12-12 CVE-2022-3879 CAR Dealer Project Incorrect Authorization vulnerability in CAR Dealer Project CAR Dealer

The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

6.5
2022-12-12 CVE-2022-3880 Antihacker Project Incorrect Authorization vulnerability in Antihacker Project Antihacker

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

6.5
2022-12-12 CVE-2022-3882 WP Memory Project Incorrect Authorization vulnerability in Wp-Memory Project Wp-Memory

The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

6.5
2022-12-12 CVE-2022-3883 Stopbadbots Project Incorrect Authorization vulnerability in Stopbadbots Project Stopbadbots

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

6.5
2022-12-12 CVE-2022-3930 Wpwax Authorization Bypass Through User-Controlled Key vulnerability in Wpwax Directorist

The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.

6.5
2022-12-12 CVE-2022-3946 Collne Missing Authorization vulnerability in Collne Welcart E-Commerce

The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.

6.5
2022-12-12 CVE-2022-4016 Booster Cross-Site Request Forgery (CSRF) vulnerability in Booster for Woocommerce

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks

6.5
2022-12-12 CVE-2022-4311 Arcinformatique Information Exposure Through Log Files vulnerability in Arcinformatique Pcvue 15/15.2.2

An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2.

6.5
2022-12-12 CVE-2022-37908 Arubanetworks Unspecified vulnerability in Arubanetworks Arubaos and Sd-Wan

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers.

6.5
2022-12-12 CVE-2022-37910 Arubanetworks Classic Buffer Overflow vulnerability in Arubanetworks Arubaos and Sd-Wan

A buffer overflow vulnerability exists in the ArubaOS command line interface.

6.5
2022-12-12 CVE-2022-37928 HPE Insufficient Verification of Data Authenticity vulnerability in HPE products

Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

6.5
2022-12-12 CVE-2022-42446 Hcltech Incorrect Default Permissions vulnerability in Hcltech Sametime 12.0

Starting with Sametime 12, anonymous users are enabled by default.

6.5
2022-12-12 CVE-2022-43518 Arubanetworks Path Traversal vulnerability in Arubanetworks Edgeconnect Enterprise

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface.

6.5
2022-12-12 CVE-2022-44532 Arubanetworks Path Traversal vulnerability in Arubanetworks Edgeconnect Enterprise

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface.

6.5
2022-12-12 CVE-2022-20691 Cisco Resource Exhaustion vulnerability in Cisco products

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device.

6.5
2022-12-12 CVE-2022-46688 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sonar Gerrit

A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.

6.5
2022-12-16 CVE-2022-20567 Google Race Condition vulnerability in Google Android

In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition.

6.4
2022-12-18 CVE-2021-4251 A vulnerability classified as problematic was found in as.
6.1
2022-12-18 CVE-2021-4252 A vulnerability, which was classified as problematic, has been found in WP-Ban.
6.1
2022-12-18 CVE-2021-4253 A vulnerability, which was classified as problematic, was found in ctrlo lenio.
6.1
2022-12-18 CVE-2021-4254 A vulnerability has been found in ctrlo lenio and classified as problematic.
6.1
2022-12-18 CVE-2021-4255 A vulnerability was found in ctrlo lenio and classified as problematic.
6.1
2022-12-18 CVE-2021-4256 A vulnerability was found in ctrlo lenio.
6.1
2022-12-18 CVE-2021-4257 A vulnerability was found in ctrlo lenio.
6.1
2022-12-18 CVE-2022-4595 A vulnerability classified as problematic has been found in django-openipam.
6.1
2022-12-18 CVE-2022-4593 A vulnerability was found in retra-system.
6.1
2022-12-17 CVE-2022-4590 A vulnerability was found in mschaef toto up to 1.4.20.
6.1
2022-12-17 CVE-2022-4591 A vulnerability was found in mschaef toto up to 1.4.20.
6.1
2022-12-17 CVE-2022-4581 Mind MAP Project Improper Enforcement of Message or Data Structure vulnerability in Mind-Map Project Mind-Map

A vulnerability was found in 1j01 mind-map and classified as problematic.

6.1
2022-12-17 CVE-2022-4582 A vulnerability was found in starter-public-edition-4 up to 4.6.10.
6.1
2022-12-17 CVE-2022-4585 OC Server3 Project Cross-site Scripting vulnerability in Oc-Server3 Project Oc-Server3

A vulnerability classified as problematic has been found in Opencaching Deutschland oc-server3.

6.1
2022-12-17 CVE-2022-4586 A vulnerability classified as problematic was found in Opencaching Deutschland oc-server3.
6.1
2022-12-17 CVE-2022-4588 Bostonsleep Cross-site Scripting vulnerability in Bostonsleep Slice

A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x.

6.1
2022-12-17 CVE-2022-4589 Django Terms AND Conditions Project Open Redirect vulnerability in Django Terms and Conditions Project Django Terms and Conditions

A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic.

6.1
2022-12-16 CVE-2022-46670 Rockwellautomation Cross-site Scripting vulnerability in Rockwellautomation Micrologix 1100 Firmware and Micrologix 1400 Firmware

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution.

6.1
2022-12-16 CVE-2022-4556 A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic.
6.1
2022-12-16 CVE-2022-4558 A vulnerability was found in Alinto SOGo up to 5.7.1.
6.1
2022-12-16 CVE-2022-4559 A vulnerability was found in INEX IPX-Manager up to 6.2.0.
6.1
2022-12-16 CVE-2022-4560 Joget Cross-site Scripting vulnerability in Joget DX

A vulnerability was found in Joget up to 7.0.31.

6.1
2022-12-16 CVE-2022-4561 A vulnerability classified as problematic has been found in SemanticDrilldown Extension.
6.1
2022-12-16 CVE-2022-36223 Emby Cross-site Scripting vulnerability in Emby 4.6.7.0

In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account.

6.1
2022-12-15 CVE-2022-4520 A vulnerability was found in WSO2 carbon-registry up to 4.8.11.
6.1
2022-12-15 CVE-2022-4521 Wso2 Cross-site Scripting vulnerability in Wso2 Carbon-Registry

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6.

6.1
2022-12-15 CVE-2022-4522 A vulnerability classified as problematic was found in CalendarXP up to 10.0.1.
6.1
2022-12-15 CVE-2022-4523 Virtual Exim Project Improper Enforcement of Message or Data Structure vulnerability in Virtual Exim Project Virtual Exim 2

A vulnerability, which was classified as problematic, has been found in vexim2.

6.1
2022-12-15 CVE-2022-4524 Roots Cross-site Scripting vulnerability in Roots Soil 4.1.0

A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x.

6.1
2022-12-15 CVE-2022-4525 Sleepdata Cross-site Scripting vulnerability in Sleepdata

A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic.

6.1
2022-12-15 CVE-2022-4526 A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic.
6.1
2022-12-15 CVE-2022-4527 Collective Task Project Cross-site Scripting vulnerability in Collective.Task Project Collective.Task

A vulnerability was found in collective.task up to 3.0.8.

6.1
2022-12-15 CVE-2022-4513 A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg.
6.1
2022-12-15 CVE-2022-4514 Opencaching Cross-site Scripting vulnerability in Opencaching Oc-Server3

A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3.

6.1
2022-12-15 CVE-2020-20589 Feehi Cross-site Scripting vulnerability in Feehi Feehicms 2.0.8

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.

6.1
2022-12-15 CVE-2020-21219 Netgate Cross-site Scripting vulnerability in Netgate Acme and Pfsense

Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.

6.1
2022-12-15 CVE-2020-36607 Feehi Cross-site Scripting vulnerability in Feehi Feehicms 2.0.8

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag.

6.1
2022-12-15 CVE-2021-36572 Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page.
6.1
2022-12-15 CVE-2022-23474 Editor.js is a block-style editor with clean JSON output.
6.1
2022-12-15 CVE-2022-44235 ZED 3 Cross-site Scripting vulnerability in Zed-3 Voip Simplicity ASG 8.5.0.17807

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) is vulnerable to Cross Site Scripting (XSS).

6.1
2022-12-15 CVE-2022-32763 Lansweeper Cross-site Scripting vulnerability in Lansweeper 10.1.1.0

A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0.

6.1
2022-12-15 CVE-2022-4502 Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
6.1
2022-12-15 CVE-2022-4503 Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.
6.1
2022-12-14 CVE-2022-23520 rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.
6.1
2022-12-14 CVE-2022-23527 mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server.
6.1
2022-12-14 CVE-2022-23518 rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.
6.1
2022-12-14 CVE-2022-23519 rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.
6.1
2022-12-14 CVE-2022-46073 Helmet Store Showroom Project Cross-site Scripting vulnerability in Helmet Store Showroom Project Helmet Store Showroom 1.0

Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).

6.1
2022-12-14 CVE-2022-4495 Collective DMS Basecontent Project Cross-site Scripting vulnerability in Collective.Dms.Basecontent Project Collective.Dms.Basecontent

A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6.

6.1
2022-12-14 CVE-2022-23515 Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.
6.1
2022-12-14 CVE-2022-3073 Weidmueller Cross-site Scripting vulnerability in Weidmueller products

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g.

6.1
2022-12-13 CVE-2022-46381 Niceforyou Cross-site Scripting vulnerability in Niceforyou Linear Emerge E3 Access Control Firmware

Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component).

6.1
2022-12-13 CVE-2022-23499 HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.
6.1
2022-12-13 CVE-2022-38628 Niceforyou Cross-site Scripting vulnerability in Niceforyou Linear Emerge E3 Access Control Firmware

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation.

6.1
2022-12-13 CVE-2022-45028 Arris Cross-site Scripting vulnerability in Arris Nvg443B Firmware 9.3.0H3D36

A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.

6.1
2022-12-13 CVE-2022-4455 A vulnerability, which was classified as problematic, was found in sproctor php-calendar.
6.1
2022-12-13 CVE-2022-4456 A vulnerability has been found in falling-fruit and classified as problematic.
6.1
2022-12-13 CVE-2022-44575 Siemens Cross-site Scripting vulnerability in Siemens PLM Help Server 4.2

A vulnerability has been identified in PLM Help Server V4.2 (All versions).

6.1
2022-12-13 CVE-2022-46265 Siemens Injection vulnerability in Siemens Polarion ALM

A vulnerability has been identified in Polarion ALM (All versions).

6.1
2022-12-13 CVE-2022-46350 A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7).
6.1
2022-12-13 CVE-2022-44303 Resque Scheduler Project Cross-site Scripting vulnerability in Resque-Scheduler Project Resque-Scheduler

Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS).

6.1
2022-12-13 CVE-2022-46061 Aerocms Project Improper Restriction of Rendered UI Layers or Frames vulnerability in Aerocms Project Aerocms 0.0.1

AeroCMS v0.0.1 is vulnerable to ClickJacking.

6.1
2022-12-13 CVE-2022-4444 A vulnerability was found in ipti br.tag.
6.1
2022-12-13 CVE-2022-41273 SAP Open Redirect vulnerability in SAP Contract Lifecycle Manager and Sourcing

Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website.

6.1
2022-12-13 CVE-2022-41275 SAP Open Redirect vulnerability in SAP Solution Manager 740/750

In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.

6.1
2022-12-13 CVE-2022-41266 SAP Cross-site Scripting vulnerability in SAP Commerce Webservices 2.0

Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack.

6.1
2022-12-13 CVE-2021-41943 Logrhythm Cross-site Scripting vulnerability in Logrhythm 7.4.9

Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field.

6.1
2022-12-12 CVE-2022-41262 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Java 7.50

Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header.

6.1
2022-12-12 CVE-2022-46905 Websoft Cross-site Scripting vulnerability in Websoft HCM 2021.2.3.327

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.

6.1
2022-12-12 CVE-2022-3908 Helloprint Cross-site Scripting vulnerability in Helloprint

The Helloprint WordPress plugin before 1.4.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

6.1
2022-12-12 CVE-2021-4243 Jquery Minicolors Project Cross-site Scripting vulnerability in Jquery-Minicolors Project Jquery-Minicolors

A vulnerability was found in claviska jquery-minicolors up to 2.3.5.

6.1
2022-12-12 CVE-2021-4244 Yikesplugins Cross-site Scripting vulnerability in Yikesplugins Easy Forms for Mailchimp

A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5.

6.1
2022-12-12 CVE-2022-4421 Rathena Cross-site Scripting vulnerability in Rathena Fluxcp

A vulnerability was found in rAthena FluxCP.

6.1
2022-12-12 CVE-2021-46846 HP Cross-site Scripting vulnerability in HP Integrated Lights-Out 5 Firmware 1.30/1.37/1.40

Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.

6.1
2022-12-12 CVE-2022-34318 IBM Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Cics TX 11.1

IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim.

6.1
2022-12-12 CVE-2022-37925 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Enterprise

A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.

6.1
2022-12-12 CVE-2022-37927 HPE Open Redirect vulnerability in HPE Oneview Global Dashboard

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD).

6.1
2022-12-12 CVE-2022-46683 Jenkins Open Redirect vulnerability in Jenkins Google Login 1.4

Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

6.1
2022-12-12 CVE-2022-44031 Redmine Cross-site Scripting vulnerability in Redmine

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.

6.1
2022-12-12 CVE-2022-44637 Redmine Cross-site Scripting vulnerability in Redmine

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields.

6.1
2022-12-12 CVE-2022-45756 Sens Project Cross-site Scripting vulnerability in Sens Project Sens

SENS v1.0 is vulnerable to Cross Site Scripting (XSS).

6.1
2022-12-12 CVE-2022-4413 Nuxt Cross-site Scripting vulnerability in Nuxt Framework 3.0.0

Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13.

6.1
2022-12-12 CVE-2022-4414 Nuxt Cross-site Scripting vulnerability in Nuxt Framework 3.0.0

Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13.

6.1
2022-12-16 CVE-2022-26579 Paxtechnology Insufficient Verification of Data Authenticity vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages.

6.0
2022-12-16 CVE-2022-4326 Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality.
6.0
2022-12-12 CVE-2022-31596 SAP Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted.

6.0
2022-12-15 CVE-2022-32531 Apache Improper Certificate Validation vulnerability in Apache Bookkeeper 4.15.0

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails.

5.9
2022-12-15 CVE-2022-46768 Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053.
5.9
2022-12-14 CVE-2020-4497 IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents.
5.9
2022-12-14 CVE-2022-3590 Wordpress Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Wordpress 4.1

WordPress is affected by an unauthenticated blind SSRF in the pingback feature.

5.9
2022-12-16 CVE-2022-41964 Bigbluebutton Information Exposure vulnerability in Bigbluebutton 2.4

BigBlueButton is an open source web conferencing system.

5.7
2022-12-13 CVE-2022-46142 Siemens Storing Passwords in a Recoverable Format vulnerability in Siemens products

Affected devices store the CLI user passwords encrypted in flash memory.

5.7
2022-12-12 CVE-2022-3881 Wptools Project Incorrect Authorization vulnerability in Wptools Project Wptools

The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org

5.7
2022-12-16 CVE-2022-20199 Google Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 13.0

In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy.

5.5
2022-12-16 CVE-2022-20510 Google Missing Authorization vulnerability in Google Android 13.0

In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java, there is a possible way to learn about the notification streaming policy of other users due to a permissions bypass.

5.5
2022-12-16 CVE-2022-20511 Google Incorrect Default Permissions vulnerability in Google Android 13.0

In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check.

5.5
2022-12-16 CVE-2022-20513 Google Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android 13.0

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check.

5.5
2022-12-16 CVE-2022-20515 Google Unspecified vulnerability in Google Android 13.0

In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy.

5.5
2022-12-16 CVE-2022-20517 Google SQL Injection vulnerability in Google Android 13.0

In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection.

5.5
2022-12-16 CVE-2022-20518 Google SQL Injection vulnerability in Google Android 13.0

In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection.

5.5
2022-12-16 CVE-2022-20523 Google Out-of-bounds Read vulnerability in Google Android 13.0

In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check.

5.5
2022-12-16 CVE-2022-20527 Google Out-of-bounds Read vulnerability in Google Android 13.0

In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check.

5.5
2022-12-16 CVE-2022-20538 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-12-16 CVE-2022-20552 Google Use After Free vulnerability in Google Android 13.0

In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free.

5.5
2022-12-16 CVE-2022-20570 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-230660904References: N/A

5.5
2022-12-16 CVE-2022-20574 Google Improper Input Validation vulnerability in Google Android

In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read due to improper input validation.

5.5
2022-12-16 CVE-2022-20575 Google Out-of-bounds Read vulnerability in Google Android

In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read due to an incorrect bounds check.

5.5
2022-12-16 CVE-2022-20590 Google Improper Input Validation vulnerability in Google Android

In valid_va_sec_mfc_check of drm_access_control.c, there is a possible information disclosure due to improper input validation.

5.5
2022-12-16 CVE-2022-20591 Google Unspecified vulnerability in Google Android

In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code.

5.5
2022-12-16 CVE-2022-20592 Google Improper Input Validation vulnerability in Google Android

In ppmp_validate_secbuf of drm_fw.c, there is a possible information disclosure due to improper input validation.

5.5
2022-12-16 CVE-2022-20604 Google Out-of-bounds Read vulnerability in Google Android

In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check.

5.5
2022-12-16 CVE-2022-20608 Google Out-of-bounds Read vulnerability in Google Android

In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check.

5.5
2022-12-16 CVE-2022-20609 Google Out-of-bounds Read vulnerability in Google Android

In Pixel cellular firmware, there is a possible out of bounds read due to a missing bounds check.

5.5
2022-12-16 CVE-2022-42535 Google SQL Injection vulnerability in Google Android 13.0

In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection.

5.5
2022-12-16 CVE-2022-44498 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator 27.0

Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2022-12-16 CVE-2022-44499 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator 27.0

Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2022-12-16 CVE-2022-44500 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator 27.0

Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2022-12-16 CVE-2022-44502 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator 27.0

Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2022-12-15 CVE-2022-32916 Apple Out-of-bounds Read vulnerability in Apple Iphone OS

An out-of-bounds read issue existed that led to the disclosure of kernel memory.

5.5
2022-12-15 CVE-2022-42821 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved checks.

5.5
2022-12-15 CVE-2022-42843 Apple Exposure of Resource to Wrong Sphere vulnerability in Apple products

This issue was addressed with improved data protection.

5.5
2022-12-15 CVE-2022-42846 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved memory handling.

5.5
2022-12-15 CVE-2022-42851 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved memory handling.

5.5
2022-12-15 CVE-2022-42853 Apple Unspecified vulnerability in Apple Macos

An access issue was addressed with improved access restrictions.

5.5
2022-12-15 CVE-2022-42854 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

5.5
2022-12-15 CVE-2022-42859 Apple Unspecified vulnerability in Apple products

Multiple issues were addressed by removing the vulnerable code.

5.5
2022-12-15 CVE-2022-42862 This issue was addressed by removing the vulnerable code.
5.5
2022-12-15 CVE-2022-42865 Apple Unspecified vulnerability in Apple products

This issue was addressed by enabling hardened runtime.

5.5
2022-12-15 CVE-2022-42866 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved handling of caches.

5.5
2022-12-15 CVE-2022-46692 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

5.5
2022-12-15 CVE-2022-46702 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved memory handling.

5.5
2022-12-14 CVE-2022-3917 Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data.
5.5
2022-12-14 CVE-2022-3104 Linux NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

An issue was discovered in the Linux kernel through 5.16-rc6.

5.5
2022-12-14 CVE-2022-3105 Linux NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

An issue was discovered in the Linux kernel through 5.16-rc6.

5.5
2022-12-14 CVE-2022-3106 Linux NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

An issue was discovered in the Linux kernel through 5.16-rc6.

5.5
2022-12-14 CVE-2022-3107 Linux NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

An issue was discovered in the Linux kernel through 5.16-rc6.

5.5
2022-12-14 CVE-2022-3108 Linux Unchecked Return Value vulnerability in Linux Kernel 5.16.0

An issue was discovered in the Linux kernel through 5.16-rc6.

5.5
2022-12-14 CVE-2022-3110 Linux NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

An issue was discovered in the Linux kernel through 5.16-rc6.

5.5
2022-12-14 CVE-2022-3111 Linux NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

An issue was discovered in the Linux kernel through 5.16-rc6.

5.5
2022-12-14 CVE-2022-3112 Linux NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

An issue was discovered in the Linux kernel through 5.16-rc6.

5.5
2022-12-14 CVE-2022-3113 Linux NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

An issue was discovered in the Linux kernel through 5.16-rc6.

5.5
2022-12-14 CVE-2022-3114 Linux NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

An issue was discovered in the Linux kernel through 5.16-rc6.

5.5
2022-12-14 CVE-2022-3115 Linux NULL Pointer Dereference vulnerability in Linux Kernel 5.16.0

An issue was discovered in the Linux kernel through 5.16-rc6.

5.5
2022-12-13 CVE-2022-44874 Wasm3 Project Out-of-bounds Write vulnerability in Wasm3 Project Wasm3 20220828

wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h.

5.5
2022-12-13 CVE-2022-38355 Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication.
5.5
2022-12-13 CVE-2022-41074 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Information Disclosure Vulnerability

5.5
2022-12-13 CVE-2022-44674 Microsoft Unspecified vulnerability in Microsoft products

Windows Bluetooth Driver Information Disclosure Vulnerability

5.5
2022-12-13 CVE-2022-44699 Microsoft Incorrect Authorization vulnerability in Microsoft Azure Network Watcher Agent

Azure Network Watcher Agent Security Feature Bypass Vulnerability.

5.5
2022-12-13 CVE-2021-0934 Google Resource Exhaustion vulnerability in Google Android

In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion.

5.5
2022-12-13 CVE-2022-20466 Google Insecure Default Initialization of Resource vulnerability in Google Android

In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value.

5.5
2022-12-13 CVE-2022-20471 Google Out-of-bounds Read vulnerability in Google Android

In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check.

5.5
2022-12-13 CVE-2022-20476 Google Infinite Loop vulnerability in Google Android

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion.

5.5
2022-12-13 CVE-2022-20482 Google Resource Exhaustion vulnerability in Google Android 12.0/12.1/13.0

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion.

5.5
2022-12-13 CVE-2022-20496 Google Use After Free vulnerability in Google Android 12.0/12.1/13.0

In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free.

5.5
2022-12-13 CVE-2022-20500 Google Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android

In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception.

5.5
2022-12-13 CVE-2022-20502 Google Use After Free vulnerability in Google Android 13.0

In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache.

5.5
2022-12-13 CVE-2022-25675 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

5.5
2022-12-13 CVE-2022-31697 Vmware Cleartext Storage of Sensitive Information vulnerability in VMWare Vcenter Server 6.5/6.7/7.0

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext.

5.5
2022-12-13 CVE-2022-46351 A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7).
5.5
2022-12-13 CVE-2022-23523 In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from.
5.5
2022-12-12 CVE-2022-41261 SAP Improper Access Control vulnerability in SAP Solution Manager 7.20

SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files.

5.5
2022-12-12 CVE-2022-4312 Arcinformatique Cleartext Storage of Sensitive Information vulnerability in Arcinformatique Pcvue 12.0.26/15/15.2.2

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3.

5.5
2022-12-12 CVE-2022-37911 Arubanetworks XXE vulnerability in Arubanetworks Arubaos and Sd-Wan

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS.

5.5
2022-12-12 CVE-2022-37929 HPE Improper Privilege Management vulnerability in HPE products

Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

5.5
2022-12-12 CVE-2022-37930 HPE Unspecified vulnerability in HPE products

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.

5.5
2022-12-12 CVE-2022-44647 Trendmicro Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019

An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations.

5.5
2022-12-12 CVE-2022-44648 Trendmicro Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019

An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations.

5.5
2022-12-18 CVE-2022-4605 Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
5.4
2022-12-18 CVE-2022-4596 Shoplazza Improper Enforcement of Message or Data Structure vulnerability in Shoplazza Lifestyle 1.1

A vulnerability, which was classified as problematic, has been found in Shoplazza 1.1.

5.4
2022-12-18 CVE-2022-4597 Shoplazza Improper Enforcement of Message or Data Structure vulnerability in Shoplazza Lifestyle 1.1

A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1.

5.4
2022-12-18 CVE-2022-4598 Shoplazza Cross-site Scripting vulnerability in Shoplazza Lifestyle 1.1

A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic.

5.4
2022-12-18 CVE-2022-4599 Shoplazza Cross-site Scripting vulnerability in Shoplazza Lifestyle 1.1

A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as problematic.

5.4
2022-12-18 CVE-2022-4600 Shoplazza Cross-site Scripting vulnerability in Shoplazza Lifestyle 1.1

A vulnerability was found in Shoplazza LifeStyle 1.1.

5.4
2022-12-18 CVE-2022-4601 Shoplazza Cross-site Scripting vulnerability in Shoplazza Lifestyle 1.1

A vulnerability was found in Shoplazza LifeStyle 1.1.

5.4
2022-12-18 CVE-2022-4602 Shoplazza Cross-site Scripting vulnerability in Shoplazza Lifestyle 1.1

A vulnerability was found in Shoplazza LifeStyle 1.1.

5.4
2022-12-17 CVE-2022-4587 A vulnerability, which was classified as problematic, has been found in Opencaching Deutschland oc-server3.
5.4
2022-12-16 CVE-2022-35694 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-12-16 CVE-2022-35696 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-12-16 CVE-2022-38106 Solarwinds Cross-site Scripting vulnerability in Solarwinds Serv-U 15.3.0/15.3.1

This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1.

5.4
2022-12-16 CVE-2022-42360 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-12-16 CVE-2022-42366 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-12-16 CVE-2022-42367 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-12-16 CVE-2022-44462 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-12-16 CVE-2022-44468 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-12-16 CVE-2022-44469 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-12-16 CVE-2022-44473 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-12-16 CVE-2022-46870 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers.
5.4
2022-12-15 CVE-2021-36573 File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.
5.4
2022-12-15 CVE-2021-39427 Vtimecn Cross-site Scripting vulnerability in Vtimecn 188Jianzhan 2.10

Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code via the username parameter to /admin/reg.php.

5.4
2022-12-15 CVE-2021-39428 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.5.4

Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.

5.4
2022-12-15 CVE-2022-40000 Feehi Cross-site Scripting vulnerability in Feehi Feehicms 2.1.1

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.

5.4
2022-12-15 CVE-2022-40001 Feehi Cross-site Scripting vulnerability in Feehi Feehicms 2.1.1

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page.

5.4
2022-12-15 CVE-2022-40002 Feehi Cross-site Scripting vulnerability in Feehi Feehicms 2.1.1

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify.

5.4
2022-12-15 CVE-2022-40373 Feehi Cross-site Scripting vulnerability in Feehi Feehicms 2.1.1

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.

5.4
2022-12-15 CVE-2022-45033 Expense Tracker Project Cross-site Scripting vulnerability in Expense Tracker Project Expense Tracker 1.0

A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field.

5.4
2022-12-15 CVE-2022-28703 Lansweeper Cross-site Scripting vulnerability in Lansweeper 10.1.1.0

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0.

5.4
2022-12-14 CVE-2022-4410 The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles.
5.4
2022-12-14 CVE-2022-23502 TYPO3 is an open source PHP based web content management system.
5.4
2022-12-14 CVE-2020-9419 Arcadyan Cross-site Scripting vulnerability in Arcadyan Vrv9506Jac23 Firmware

Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the administrative dashboard.

5.4
2022-12-14 CVE-2022-42141 Deltaww Cross-site Scripting vulnerability in Deltaww Dx-2100-L1-Cn Firmware 1.5.0.10

Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter.

5.4
2022-12-13 CVE-2022-43996 The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html.
5.4
2022-12-13 CVE-2022-4207 The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping.
5.4
2022-12-13 CVE-2022-41563 Tibco Cross-site Scripting vulnerability in Tibco Jasperreports Server 8.1.0

The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system.

5.4
2022-12-13 CVE-2022-44698 Microsoft Incorrect Authorization vulnerability in Microsoft products

Windows SmartScreen Security Feature Bypass Vulnerability

5.4
2022-12-13 CVE-2022-44731 Siemens Argument Injection or Modification vulnerability in Siemens Simatic Wincc OA

A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014).

5.4
2022-12-12 CVE-2022-46903 Websoft Cross-site Scripting vulnerability in Websoft HCM 2021.2.3.327

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS.

5.4
2022-12-12 CVE-2022-46904 Websoft Cross-site Scripting vulnerability in Websoft HCM 2021.2.3.327

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS.

5.4
2022-12-12 CVE-2022-46906 Websoft Cross-site Scripting vulnerability in Websoft HCM 2021.2.3.327

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.

5.4
2022-12-12 CVE-2022-3853 Supra CSV Parser Project Cross-site Scripting vulnerability in Supra-Csv-Parser Project Supra-Csv-Parser

Cross-site Scripting (XSS) is a client-side code injection attack.

5.4
2022-12-12 CVE-2022-3933 G5Theme Cross-site Scripting vulnerability in G5Theme Essential Real Estate

The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.

5.4
2022-12-12 CVE-2022-3934 Mehanoid Cross-site Scripting vulnerability in Mehanoid Flat PM 2.661

The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

5.4
2022-12-12 CVE-2022-3935 Collne Cross-site Scripting vulnerability in Collne Welcart E-Commerce

The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks

5.4
2022-12-12 CVE-2022-4005 Donation Button Project Cross-site Scripting vulnerability in Donation Button Project Donation Button

The Donation Button WordPress plugin through 4.0.0 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

5.4
2022-12-12 CVE-2022-45970 Alist Project Cross-site Scripting vulnerability in Alist Project Alist 3.5.1

Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.

5.4
2022-12-12 CVE-2022-37926 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Enterprise

A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file.

5.4
2022-12-12 CVE-2021-38997 IBM Improper Encoding or Escaping of Output vulnerability in IBM API Connect

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.

5.4
2022-12-12 CVE-2022-46684 Jenkins Cross-site Scripting vulnerability in Jenkins Checkmarx

Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.

5.4
2022-12-12 CVE-2022-46686 Jenkins Cross-site Scripting vulnerability in Jenkins Custom Build Properties

Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.

5.4
2022-12-12 CVE-2022-46687 Jenkins Cross-site Scripting vulnerability in Jenkins Spring Config

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names.

5.4
2022-12-12 CVE-2022-45758 Sens Project Cross-site Scripting vulnerability in Sens Project Sens

SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister.

5.4
2022-12-16 CVE-2022-20530 Google Unspecified vulnerability in Google Android 13.0

In strings.xml, there is a possible permission bypass due to a misleading string.

5.3
2022-12-16 CVE-2022-25626 Broadcom Improper Authentication vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4

An unauthenticated user can access Identity Manager’s management console specific page URLs.

5.3
2022-12-16 CVE-2022-4555 The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0.
5.3
2022-12-15 CVE-2022-46392 ARM
Fedoraproject
Information Exposure Through Discrepancy vulnerability in multiple products

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.

5.3
2022-12-15 CVE-2020-24855 Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request.
5.3
2022-12-15 CVE-2022-32833 Apple Exposure of Resource to Wrong Sphere vulnerability in Apple Iphone OS

An issue existed with the file paths used to store website data.

5.3
2022-12-15 CVE-2022-32943 Apple Unspecified vulnerability in Apple Macos 13.0

The issue was addressed with improved bounds checks.

5.3
2022-12-14 CVE-2022-31701 Vmware Improper Authentication vulnerability in VMWare products

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability.

5.3
2022-12-13 CVE-2022-31698 Vmware Unspecified vulnerability in VMWare Cloud Foundation and Vcenter Server

The vCenter Server contains a denial-of-service vulnerability in the content library service.

5.3
2022-12-13 CVE-2022-46354 A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7).
5.3
2022-12-12 CVE-2022-4097 The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).
5.3
2022-12-12 CVE-2022-45956 BOA Incorrect Authorization vulnerability in BOA 0.94.13/0.94.14

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.

5.3
2022-12-12 CVE-2022-37909 Arubanetworks Unspecified vulnerability in Arubanetworks Arubaos and Sd-Wan

Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs.

5.3
2022-12-12 CVE-2022-20686 Cisco Code Injection vulnerability in Cisco products

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart.

5.3
2022-12-12 CVE-2022-20687 Cisco Improper Input Validation vulnerability in Cisco products

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart.

5.3
2022-12-12 CVE-2022-20688 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause Cisco Discovery Protocol service to restart.

5.3
2022-12-16 CVE-2022-20521 Google NULL Pointer Dereference vulnerability in Google Android 13.0

In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check.

5.0
2022-12-16 CVE-2022-20606 Google Out-of-bounds Read vulnerability in Google Android

In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check.

4.9
2022-12-16 CVE-2022-31708 Vmware Exposure of Resource to Wrong Sphere vulnerability in VMWare Vrealize Operations 8.10.0

vRealize Operations (vROps) contains a broken access control vulnerability.

4.9
2022-12-14 CVE-2022-23504 TYPO3 is an open source PHP based web content management system.
4.9
2022-12-13 CVE-2022-46047 Aerocms Project SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1

AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.

4.9
2022-12-12 CVE-2022-22488 IBM Allocation of Resources Without Limits or Throttling vulnerability in IBM products

IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time.

4.9
2022-12-12 CVE-2022-42445 Hcltechsw Insufficiently Protected Credentials vulnerability in Hcltechsw HCL Launch

HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.

4.9
2022-12-15 CVE-2022-4519 The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping.
4.8
2022-12-13 CVE-2022-46058 Aerocms Project Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1

AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php.

4.8
2022-12-12 CVE-2022-3609 Getyourguide Ticketing Project Cross-site Scripting vulnerability in Getyourguide Ticketing Project Getyourguide Ticketing

The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2022-12-12 CVE-2022-3862 Livemeshelementor Cross-site Scripting vulnerability in Livemeshelementor Addons for Elementor

The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2022-12-12 CVE-2022-3906 Whitestudio Cross-site Scripting vulnerability in Whitestudio Easy Form Builder

The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2022-12-12 CVE-2022-3919 Automattic Cross-site Scripting vulnerability in Automattic Jetpack CRM

The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-12-12 CVE-2022-4000 Dpdgroup Cross-site Scripting vulnerability in Dpdgroup Woocommerce Shipping

The WooCommerce Shipping WordPress plugin through 1.2.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2022-12-12 CVE-2022-4010 Webdevocean Cross-site Scripting vulnerability in Webdevocean Image Hover Effects

The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2022-12-12 CVE-2022-32537 Medtronic Unspecified vulnerability in Medtronic products

A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components.

4.8
2022-12-13 CVE-2022-20497 Google Unspecified vulnerability in Google Android 12.0/12.1/13.0

In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition.

4.6
2022-12-13 CVE-2022-44636 Samsung Unspecified vulnerability in Samsung products

The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button.

4.6
2022-12-16 CVE-2022-4130 Redhat Unspecified vulnerability in Redhat Satellite 6.10/6.11/6.9

A blind site-to-site request forgery vulnerability was found in Satellite server.

4.5
2022-12-13 CVE-2022-46062 GYM Management System Project Cross-Site Request Forgery (CSRF) vulnerability in GYM Management System Project GYM Management System 0.0.1

Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

4.5
2022-12-16 CVE-2022-20544 Google Missing Authorization vulnerability in Google Android 13.0

In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check.

4.4
2022-12-16 CVE-2022-20555 Google Out-of-bounds Read vulnerability in Google Android 13.0

In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check.

4.4
2022-12-16 CVE-2022-20589 Google Improper Input Validation vulnerability in Google Android

In valid_va_secbuf_check of drm_access_control.c, there is a possible ID due to improper input validation.

4.4
2022-12-16 CVE-2022-20593 Google Out-of-bounds Read vulnerability in Google Android

In pop_descriptor_string of BufferDescriptor.h, there is a possible out of bounds read due to a missing bounds check.

4.4
2022-12-16 CVE-2022-20595 Google Out-of-bounds Read vulnerability in Google Android

In getWpcAuthChallengeResponse of WirelessCharger.cpp, there is a possible out of bounds read due to a missing bounds check.

4.4
2022-12-16 CVE-2022-42512 Google Out-of-bounds Read vulnerability in Google Android

In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible out of bounds read due to a missing bounds check.

4.4
2022-12-16 CVE-2022-42514 Google Out-of-bounds Read vulnerability in Google Android

In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check.

4.4
2022-12-16 CVE-2022-42515 Google Out-of-bounds Read vulnerability in Google Android

In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check.

4.4
2022-12-16 CVE-2022-42516 Google Out-of-bounds Read vulnerability in Google Android

In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of protocolsimbuilderlegacy.cpp, there is a possible out of bounds read due to a missing bounds check.

4.4
2022-12-16 CVE-2022-42517 Google Out-of-bounds Read vulnerability in Google Android

In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check.

4.4
2022-12-16 CVE-2022-42522 Google Out-of-bounds Read vulnerability in Google Android

In DoSetCarrierConfig of miscservice.cpp, there is a possible out of bounds read due to an incorrect bounds check.

4.4
2022-12-16 CVE-2022-42530 Google Out-of-bounds Read vulnerability in Google Android

In Pixel firmware, there is a possible out of bounds read due to a missing bounds check.

4.4
2022-12-16 CVE-2022-42532 Google Out-of-bounds Read vulnerability in Google Android

In Pixel firmware, there is a possible out of bounds read due to a missing bounds check.

4.4
2022-12-16 CVE-2022-42543 Google Out-of-bounds Read vulnerability in Google Android

In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check.

4.4
2022-12-13 CVE-2022-20449 Google Path Traversal vulnerability in Google Android

In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error.

4.4
2022-12-13 CVE-2022-20498 Google Out-of-bounds Read vulnerability in Google Android

In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check.

4.4
2022-12-16 CVE-2022-38756 Microfocus Information Exposure Through Log Files vulnerability in Microfocus Groupwise

A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2.

4.3
2022-12-16 CVE-2022-23490 Bigbluebutton Incorrect Authorization vulnerability in Bigbluebutton

BigBlueButton is an open source web conferencing system.

4.3
2022-12-16 CVE-2022-42351 Adobe Experience Manager version 6.5.14 (and earlier) is affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
4.3
2022-12-16 CVE-2022-41961 Bigbluebutton Origin Validation Error vulnerability in Bigbluebutton 2.4

BigBlueButton is an open source web conferencing system.

4.3
2022-12-16 CVE-2022-41960 BigBlueButton is an open source web conferencing system.
4.3
2022-12-15 CVE-2022-32945 Apple Incorrect Authorization vulnerability in Apple Macos

An access issue was addressed with additional sandbox restrictions on third-party apps.

4.3
2022-12-15 CVE-2022-4505 Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
4.3
2022-12-13 CVE-2022-44688 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.3
2022-12-13 CVE-2022-23473 Tuleap is an Open Source Suite to improve management of software developments and collaboration.
4.3
2022-12-13 CVE-2022-46160 Tuleap is an Open Source Suite to improve management of software developments and collaboration.
4.3
2022-12-12 CVE-2022-41263 SAP Improper Authentication vulnerability in SAP Business Objects Business Intelligence Platform 420/430

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted.

4.3
2022-12-12 CVE-2022-4004 Donation Button Project Missing Authorization vulnerability in Donation Button Project Donation Button

The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes to arbitrary phone numbers.

4.3
2022-12-12 CVE-2022-46685 Gitea Cleartext Transmission of Sensitive Information vulnerability in Gitea

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.

4.3
2022-12-16 CVE-2022-20541 Google Out-of-bounds Read vulnerability in Google Android 13.0

In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check.

4.2

27 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-12-12 CVE-2022-45228 Dragino Cross-Site Request Forgery (CSRF) vulnerability in Dragino Lg01 Lora Firmware 4.3.4

Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.

3.5
2022-12-16 CVE-2022-20519 Google Missing Authorization vulnerability in Google Android 13.0

In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check.

3.3
2022-12-16 CVE-2022-20525 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 13.0

In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass.

3.3
2022-12-16 CVE-2022-20526 Google Out-of-bounds Write vulnerability in Google Android 13.0

In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check.

3.3
2022-12-16 CVE-2022-20528 Google Out-of-bounds Read vulnerability in Google Android 13.0

In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check.

3.3
2022-12-16 CVE-2022-20531 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In placeCall of TelecomManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

3.3
2022-12-16 CVE-2022-20533 Google Missing Authorization vulnerability in Google Android 13.0

In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check.

3.3
2022-12-16 CVE-2022-20535 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

3.3
2022-12-16 CVE-2022-20536 Google Missing Authorization vulnerability in Google Android 13.0

In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check.

3.3
2022-12-16 CVE-2022-20537 Google Missing Authorization vulnerability in Google Android 13.0

In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check.

3.3
2022-12-16 CVE-2022-20556 Google Missing Authorization vulnerability in Google Android 13.0

In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check.

3.3
2022-12-16 CVE-2022-20558 Google Unspecified vulnerability in Google Android 13.0

In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass.

3.3
2022-12-16 CVE-2022-20559 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

3.3
2022-12-16 CVE-2022-20562 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android

In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code.

3.3
2022-12-13 CVE-2022-31699 Vmware Out-of-bounds Write vulnerability in VMWare Esxi 6.5/6.7

VMware ESXi contains a heap-overflow vulnerability.

3.3
2022-12-13 CVE-2022-41278 Siemens NULL Pointer Dereference vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

3.3
2022-12-13 CVE-2022-41279 Siemens NULL Pointer Dereference vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

3.3
2022-12-13 CVE-2022-41280 Siemens NULL Pointer Dereference vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

3.3
2022-12-13 CVE-2022-41287 Siemens Divide By Zero vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

3.3
2022-12-13 CVE-2022-41288 Siemens Allocation of Resources Without Limits or Throttling vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

3.3
2022-12-13 CVE-2022-45484 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.5), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6).

3.3
2022-12-16 CVE-2022-41963 BigBlueButton is an open source web conferencing system.
3.1
2022-12-16 CVE-2022-41962 Bigbluebutton Incorrect Authorization vulnerability in Bigbluebutton 2.4

BigBlueButton is an open source web conferencing system.

2.7
2022-12-13 CVE-2022-46143 Siemens Improper Validation of Specified Quantity in Input vulnerability in Siemens products

Affected devices do not check the TFTP blocksize correctly.

2.7
2022-12-16 CVE-2022-20529 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 13.0

In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code.

2.4
2022-12-16 CVE-2022-20543 Google Improper Input Validation vulnerability in Google Android 13.0

In multiple locations, there is a possible display crash loop due to improper input validation.

2.3
2022-12-13 CVE-2022-20240 Google Incorrect Default Permissions vulnerability in Google Android 12.0

In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check.

2.3