Total: 22706 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4193 | 1 Google | 1 Chrome | 2022-12-01 | N/A | 8.8 HIGH |
Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2022-4195 | 1 Google | 1 Chrome | 2022-12-01 | N/A | 4.3 MEDIUM |
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) | |||||
CVE-2022-36960 | 1 Solarwinds | 1 Orion Platform | 2022-12-01 | N/A | 8.8 HIGH |
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | |||||
CVE-2022-44038 | 1 Russound | 2 Xsourceplayer 777d, Xsourceplayer 777d Firmware | 2022-12-01 | N/A | 9.8 CRITICAL |
Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. | |||||
CVE-2022-38767 | 1 Windriver | 1 Vxworks | 2022-12-01 | N/A | 7.5 HIGH |
An issue was discovered in Wind River VxWorks 6.9 and 7: a specifically crafted packet sent by a Radius server may cause Denial of Service during the IP Radius access procedure. | |||||
CVE-2022-38166 | 3 Apple, F-secure, Microsoft | 3 Macos, Elements Endpoint Protection, Windows | 2022-11-30 | N/A | 7.5 HIGH |
In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. | |||||
CVE-2022-45872 | 1 Iterm2 | 1 Iterm2 | 2022-11-30 | N/A | 9.8 CRITICAL |
iTerm2 before 3.4.18 mishandles a DECRQSS response. | |||||
CVE-2022-39833 | 1 Filecloud | 1 Filecloud | 2022-11-30 | N/A | 7.2 HIGH |
FileCloud versions 20.2 and later allow remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. | |||||
CVE-2022-41404 | 2 Debian, Ini4j Project | 2 Debian Linux, Ini4j | 2022-11-29 | N/A | 7.5 HIGH |
An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | |||||
CVE-2022-38163 | 1 F-secure | 1 Safe | 2022-11-29 | N/A | 3.5 LOW |
A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. A drag and drop operation by the user on the address bar could lead to spoofing of the address bar. | |||||
CVE-2022-38150 | 2 Fedoraproject, Varnish Cache Project | 2 Fedora, Varnish Cache | 2022-11-29 | N/A | 7.5 HIGH |
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1. | |||||
CVE-2022-32511 | 2 Fedoraproject, Jmespath Project | 2 Fedora, Jmespath | 2022-11-29 | 7.5 HIGH | 9.8 CRITICAL |
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. | |||||
CVE-2021-27516 | 1 Uri.js Project | 1 Uri.js | 2022-11-29 | 5.0 MEDIUM | 7.5 HIGH |
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | |||||
CVE-2022-41064 | 1 Microsoft | 12 .net Framework, Nuget, Windows 10 and 9 more | 2022-11-29 | N/A | 5.8 MEDIUM |
.NET Framework Information Disclosure Vulnerability. | |||||
CVE-2018-2771 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2022-11-28 | 3.5 LOW | 4.4 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2022-45473 | 1 Drachtio | 1 Drachtio-server | 2022-11-28 | N/A | 5.5 MEDIUM |
In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. | |||||
CVE-2021-43039 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 6.4 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access. | |||||
CVE-2021-43040 | 1 Kaseya | 1 Unitrends Backup | 2022-11-28 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation. | |||||
CVE-2022-44118 | 1 Dedebiz | 1 Dedecmsv6 | 2022-11-28 | N/A | 9.8 CRITICAL |
dedecmsv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. | |||||
CVE-2022-43196 | 1 Dedebiz | 1 Dedecmsv6 | 2022-11-28 | N/A | 9.1 CRITICAL |
dedecmsv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. |