Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0140 | 1 Vfbpro | 1 Visual Form Builder | 2023-02-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Visual Form Builder WordPress plugin before 3.0.8 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. | |||||
| CVE-2022-46391 | 3 Awstats, Debian, Fedoraproject | 3 Awstats, Debian Linux, Fedora | 2023-02-01 | N/A | 6.1 MEDIUM |
| AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | |||||
| CVE-2022-20458 | 1 Google | 1 Android | 2023-02-01 | N/A | 5.5 MEDIUM |
| The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776 | |||||
| CVE-2023-21719 | 1 Microsoft | 1 Edge Chromium | 2023-02-01 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. | |||||
| CVE-2022-3359 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2023-02-01 | N/A | 8.8 HIGH |
| The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | |||||
| CVE-2022-20235 | 1 Google | 1 Android | 2023-02-01 | N/A | 5.5 MEDIUM |
| The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780 | |||||
| CVE-2022-41145 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18283. | |||||
| CVE-2022-41153 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18343. | |||||
| CVE-2022-41146 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18284. | |||||
| CVE-2022-42376 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18529. | |||||
| CVE-2022-42375 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18404. | |||||
| CVE-2022-42369 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18344. | |||||
| CVE-2022-38753 | 1 Microfocus | 1 Netiq Advanced Authentication | 2023-02-01 | N/A | 6.3 MEDIUM |
| This update resolves a multi-factor authentication bypass attack | |||||
| CVE-2018-25073 | 1 Ts-ranksystem | 1 Tsn-ranksystem | 2023-02-01 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The name of the patch is b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-21775 | 1 Microsoft | 1 Edge Chromium | 2023-02-01 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. | |||||
| CVE-2022-42385 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18654. | |||||
| CVE-2022-42384 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18653. | |||||
| CVE-2022-42383 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18652. | |||||
| CVE-2022-42382 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18651. | |||||
| CVE-2022-42381 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-02-01 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18650. | |||||