Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40898 | 1 Wheel Project | 1 Wheel | 2022-12-30 | N/A | 7.5 HIGH |
| An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. | |||||
| CVE-2022-3155 | 2 Apple, Mozilla | 2 Macos, Thunderbird | 2022-12-30 | N/A | 7.8 HIGH |
| When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3. | |||||
| CVE-2022-29916 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 6.5 MEDIUM |
| Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
| CVE-2022-45415 | 1 Mozilla | 1 Firefox | 2022-12-30 | N/A | 7.8 HIGH |
| When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox < 107. | |||||
| CVE-2022-38658 | 2 Hcltech, Microsoft | 2 Bigfix Server Automation, Windows | 2022-12-30 | N/A | 7.5 HIGH |
| BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed. | |||||
| CVE-2022-44014 | 1 Simmeth | 1 Lieferantenmanager | 2022-12-30 | N/A | 6.5 MEDIUM |
| An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab. | |||||
| CVE-2022-26384 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 9.6 CRITICAL |
| If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. | |||||
| CVE-2022-28283 | 1 Mozilla | 1 Firefox | 2022-12-30 | N/A | 6.5 MEDIUM |
| The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99. | |||||
| CVE-2022-28284 | 1 Mozilla | 1 Firefox | 2022-12-30 | N/A | 8.8 HIGH |
| SVG's <code><use></code> element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with theirs. This vulnerability affects Firefox < 99. | |||||
| CVE-2022-28285 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 6.5 MEDIUM |
| When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. | |||||
| CVE-2022-28287 | 1 Mozilla | 1 Firefox | 2022-12-30 | N/A | 6.5 MEDIUM |
| In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. | |||||
| CVE-2022-34483 | 1 Mozilla | 1 Firefox | 2022-12-30 | N/A | 8.8 HIGH |
| An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102. | |||||
| CVE-2022-34482 | 1 Mozilla | 1 Firefox | 2022-12-30 | N/A | 8.8 HIGH |
| An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102. | |||||
| CVE-2022-34468 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 8.8 HIGH |
| An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | |||||
| CVE-2022-39165 | 1 Ibm | 2 Aix, Vios | 2022-12-30 | N/A | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183. | |||||
| CVE-2022-40233 | 1 Ibm | 2 Aix, Vios | 2022-12-30 | N/A | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599. | |||||
| CVE-2022-26383 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 4.3 MEDIUM |
| When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. | |||||
| CVE-2022-22761 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 8.8 HIGH |
| Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | |||||
| CVE-2022-22762 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-30 | N/A | 4.3 MEDIUM |
| Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | |||||
| CVE-2022-22763 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 8.8 HIGH |
| When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6. | |||||