Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25058 | 1 Twitter-post-fetcher Project | 1 Twitter-post-fetcher | 2023-01-06 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely. Upgrading to version 18.0.0 is able to address this issue. The name of the patch is 7d281c6fb5acbc29a2cad295262c1f0c19ca56f3. It is recommended to upgrade the affected component. The identifier VDB-217017 was assigned to this vulnerability. | |||||
| CVE-2022-45963 | 1 H3c | 22 Secpath F100-c-g3, Secpath F100-c-g3 Firmware, Secpath F500-6gw and 19 more | 2023-01-06 | N/A | 9.8 CRITICAL |
| h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability. | |||||
| CVE-2019-9579 | 3 Illumos, Nexenta, Oracle | 3 Illumos, Nexentastor, Solaris | 2023-01-05 | N/A | 8.1 HIGH |
| An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream). | |||||
| CVE-2022-43543 | 3 Docomo, Kddi, Softbank | 3 \+ Message, \+ Message, \+ Message | 2023-01-04 | N/A | 5.4 MEDIUM |
| KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4 | |||||
| CVE-2022-45404 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-04 | N/A | 6.5 MEDIUM |
| Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
| CVE-2022-45408 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-04 | N/A | 6.5 MEDIUM |
| Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
| CVE-2022-47945 | 1 Thinkphp | 1 Thinkphp | 2022-12-30 | N/A | 9.8 CRITICAL |
| ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. | |||||
| CVE-2022-47524 | 1 F-secure | 1 Safe | 2022-12-30 | N/A | 5.4 MEDIUM |
| F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack. | |||||
| CVE-2022-47933 | 1 Brave | 1 Brave | 2022-12-30 | N/A | 6.5 MEDIUM |
| Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc. | |||||
| CVE-2022-47934 | 1 Brave | 1 Brave | 2022-12-30 | N/A | 6.5 MEDIUM |
| Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934. | |||||
| CVE-2022-47932 | 1 Brave | 1 Brave | 2022-12-30 | N/A | 6.5 MEDIUM |
| Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933. | |||||
| CVE-2022-43380 | 1 Ibm | 2 Aix, Vios | 2022-12-30 | N/A | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640. | |||||
| CVE-2022-43381 | 1 Ibm | 2 Aix, Vios | 2022-12-30 | N/A | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639. | |||||
| CVE-2022-28173 | 1 Hikvision | 4 Ds-3wf01c-2n\/o, Ds-3wf01c-2n\/o Firmware, Ds-3wf0ac-2nt and 1 more | 2022-12-29 | N/A | 9.8 CRITICAL |
| The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. | |||||
| CVE-2022-25940 | 1 Lite-server Project | 1 Lite-server | 2022-12-29 | N/A | 7.5 HIGH |
| All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse. | |||||
| CVE-2022-44643 | 2 Amd, Grafana | 2 Amd64, Enterprise Metrics | 2022-12-29 | N/A | 8.8 HIGH |
| A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64. | |||||
| CVE-2022-42454 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2022-12-28 | N/A | 5.3 MEDIUM |
| Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access. | |||||
| CVE-2022-43486 | 1 Buffalo | 26 Wcr-1166ds, Wcr-1166ds Firmware, Wex-1800ax4 and 23 more | 2022-12-27 | N/A | 6.8 MEDIUM |
| Hidden functionality vulnerability in Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and earlier, WSR-2533DHP2 firmware Ver. 1.22 and earlier, WSR-A2533DHP2 firmware Ver. 1.22 and earlier, WSR-2533DHP3 firmware Ver. 1.26 and earlier, WSR-A2533DHP3 firmware Ver. 1.26 and earlier, WSR-2533DHPL firmware Ver. 1.08 and earlier, WSR-2533DHPL2 firmware Ver. 1.03 and earlier, WSR-2533DHPLS firmware Ver. 1.07 and earlier, WCR-1166DS firmware Ver. 1.34 and earlier, WEX-1800AX4 firmware Ver. 1.13 and earlier, and WEX-1800AX4EA firmware Ver. 1.13 and earlier allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected device. | |||||
| CVE-2021-4221 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-23 | N/A | 4.3 MEDIUM |
| If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92. | |||||
| CVE-2022-20581 | 1 Google | 1 Android | 2022-12-21 | N/A | 6.7 MEDIUM |
| In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A | |||||