Total
200722 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45869 | 2022-11-29 | N/A | N/A | ||
| A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. | |||||
| CVE-2022-44097 | 2022-11-29 | N/A | N/A | ||
| Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | |||||
| CVE-2022-44096 | 2022-11-29 | N/A | N/A | ||
| Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | |||||
| CVE-2022-41413 | 2022-11-29 | N/A | N/A | ||
| perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. | |||||
| CVE-2022-41412 | 2022-11-29 | N/A | N/A | ||
| An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. | |||||
| CVE-2022-45328 | 2022-11-29 | N/A | N/A | ||
| Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php. | |||||
| CVE-2022-32966 | 1 Realtek | 2 Rtl8111fp-cg, Rtl8111fp-cg Firmware | 2022-11-29 | N/A | 6.5 MEDIUM |
| RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service. | |||||
| CVE-2022-45221 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2022-11-29 | N/A | 4.8 MEDIUM |
| Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter. | |||||
| CVE-2022-45214 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2022-11-29 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php. | |||||
| CVE-2022-42100 | 1 Klik Project | 1 Klik | 2022-11-29 | N/A | 5.4 MEDIUM |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. | |||||
| CVE-2022-42099 | 1 Klik Project | 1 Klik | 2022-11-29 | N/A | 5.4 MEDIUM |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. | |||||
| CVE-2022-32967 | 1 Realtek | 4 Rtl8111ep-cg, Rtl8111ep-cg Firmware, Rtl8111fp-cg and 1 more | 2022-11-29 | N/A | 2.1 LOW |
| RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information. | |||||
| CVE-2022-45329 | 1 Aerocms Project | 1 Aerocms | 2022-11-29 | N/A | 7.5 HIGH |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information. | |||||
| CVE-2022-42109 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2022-11-29 | N/A | 9.8 CRITICAL |
| Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php. | |||||
| CVE-2022-45061 | 1 Python | 1 Python | 2022-11-29 | N/A | 7.5 HIGH |
| An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. | |||||
| CVE-2022-38791 | 1 Mariadb | 1 Mariadb | 2022-11-29 | N/A | 5.5 MEDIUM |
| In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | |||||
| CVE-2022-32091 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. | |||||
| CVE-2022-32089 | 1 Mariadb | 1 Mariadb | 2022-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. | |||||
| CVE-2022-32084 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2022-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. | |||||
| CVE-2022-32082 | 1 Mariadb | 1 Mariadb | 2022-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. | |||||