Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-22463 | 1 Fit2cloud | 1 Kubepi | 2023-01-10 | N/A | 9.8 CRITICAL |
KubePi is a Kubernetes (k8s) management panel. The JWT authentication function of KubePi through version 1.6.2 uses a hard-coded JWT signing key (JwtSigKey), so every online deployment shares the same key. An attacker who reads the key from the source can forge any JWT and take over the administrator account of any online project, and may then use that administrator account to take over the target enterprise's k8s cluster. In `session.go`, the use of a hard-coded JwtSigKey lets an attacker forge JWTs arbitrarily; the signing key is confidential and must not be hard-coded. The vulnerability has been fixed in 1.6.3: the JWT key is now specified in app.yml, and a random key is generated if the user leaves it blank. There are no workarounds aside from upgrading. | |||||
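As an added illustration of why a shared HS256 signing key is fatal (this is example code, not KubePi's own; the key value, claim names and function names are constructed for the example): a token minted by anyone who holds the key verifies on every deployment that uses that key, while a per-deployment key loaded from configuration or generated at startup, the shape of the 1.6.3 fix, rejects it.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// hardcodedKey stands in for a signing key baked into source. The value is
// constructed for this example; it is not KubePi's actual key.
var hardcodedKey = []byte("example-hardcoded-key-do-not-use")

// claims is a minimal constructed claim set; real panels carry more fields.
type claims struct {
	Username string `json:"username"`
	IsAdmin  bool   `json:"isAdmin"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// signHS256 produces a compact JWS (header.payload.signature) using HMAC-SHA256.
func signHS256(c claims, key []byte) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64(hdr) + "." + b64(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil)), nil
}

// verifyHS256 recomputes the MAC under key and returns the claims only if the
// signature matches; any token signed under a different key is rejected.
func verifyHS256(token string, key []byte) (claims, error) {
	var c claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return c, err
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) {
		return c, errors.New("bad signature")
	}
	body, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	return c, json.Unmarshal(body, &c)
}

// forgeAdminToken is what an attacker can do once the key is public: mint a
// token for an administrator account without ever authenticating.
func forgeAdminToken(key []byte) (string, error) {
	return signHS256(claims{Username: "admin", IsAdmin: true}, key)
}

// loadOrGenerateKey mirrors the shape of the 1.6.3 fix: take the key from
// configuration, and fall back to a fresh random 256-bit key when it is blank.
func loadOrGenerateKey(configured string) ([]byte, error) {
	if configured != "" {
		return []byte(configured), nil
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

func main() {
	forged, _ := forgeAdminToken(hardcodedKey)
	if c, err := verifyHS256(forged, hardcodedKey); err == nil {
		fmt.Printf("server with hard-coded key accepted forged token for %q (admin=%v)\n", c.Username, c.IsAdmin)
	}
	key, _ := loadOrGenerateKey("") // blank config entry -> random per-deployment key
	if _, err := verifyHS256(forged, key); err != nil {
		fmt.Println("server with per-deployment key rejected forged token:", err)
	}
}
```

The point of the check is that the attacker never contacts the victim before sending the token: with a public key every deployment is the same target, and the only defence is a key the attacker cannot read, which is why the fix is configuration or random generation rather than obfuscation of the constant.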
CVE-2022-39102 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 7.8 HIGH |
In the power management service, there is a missing permission check. This could allow a local caller to set up the power management service, with no additional execution privileges needed. | |||||
CVE-2022-39101 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 7.8 HIGH |
In the power management service, there is a missing permission check. This could allow a local caller to set up the power management service, with no additional execution privileges needed. | |||||
CVE-2022-39100 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 7.8 HIGH |
In the power management service, there is a missing permission check. This could allow a local caller to set up the power management service, with no additional execution privileges needed. | |||||
CVE-2022-39099 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 7.8 HIGH |
In the power management service, there is a missing permission check. This could allow a local caller to set up the power management service, with no additional execution privileges needed. | |||||
CVE-2022-39098 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 7.8 HIGH |
In the power management service, there is a missing permission check. This could allow a local caller to set up the power management service, with no additional execution privileges needed. | |||||
CVE-2022-39097 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 7.8 HIGH |
In the power management service, there is a missing permission check. This could allow a local caller to set up the power management service, with no additional execution privileges needed. | |||||
CVE-2022-39096 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 7.8 HIGH |
In the power management service, there is a missing permission check. This could allow a local caller to set up the power management service, with no additional execution privileges needed. | |||||
CVE-2022-39095 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 7.8 HIGH |
In the power management service, there is a missing permission check. This could allow a local caller to set up the power management service, with no additional execution privileges needed. | |||||
CVE-2022-39094 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 7.8 HIGH |
In the power management service, there is a missing permission check. This could allow a local caller to set up the power management service, with no additional execution privileges needed. | |||||
CVE-2022-42777 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 7.8 HIGH |
In the power management service, there is a missing permission check. This could allow a local caller to set up the power management service, with no additional execution privileges needed. | |||||
CVE-2022-23506 | 1 Linuxfoundation | 1 Spinnaker | 2023-01-10 | N/A | 7.5 HIGH |
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not properly mask secrets generated via packer builds. This can lead to exposure of sensitive AWS credentials in packer log files. Versions 1.29.2, 1.28.4, and 1.27.3 of Rosco contain fixes for this issue. A workaround is available: use short-lived credentials via role assumption and IAM profiles. Additionally, credentials can be set in `/home/spinnaker/.aws/credentials` and `/home/spinnaker/.aws/config` as a volume mount for Rosco pods rather than in Rosco's bake config properties. Even with those, IAM roles are recommended over long-lived credentials; this drastically reduces the risk of credential exposure. If static credentials have been used, purge any AWS bake logs, evaluate whether AWS_ACCESS_KEY, SECRET_KEY and/or other sensitive data has been written to log files and bake job logs, then rotate those credentials and evaluate potential improper use of them. | |||||
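An added example, not Rosco's own code, of the two practical pieces the advisory implies: masking known secret values before a bake log line is written, and the post-incident check of scanning existing bake logs for anything shaped like an AWS access key ID so the right credentials get rotated. The log lines are constructed; the access key ID and secret key are the placeholder pair from AWS documentation, not real credentials; function names are the example's own.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// accessKeyID matches the shape of an AWS access key ID ("AKIA" followed by
// 16 upper-case alphanumerics). Secret access keys have no fixed prefix, so
// they can only be caught by value, which is what maskSecrets does.
var accessKeyID = regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)

// maskSecrets replaces every occurrence of each known secret value with a
// fixed placeholder. The bake service knows the values it hands to packer
// (bake config properties, environment variables, -var flags), so masking by
// value catches them wherever packer happens to echo them back.
func maskSecrets(line string, secrets []string) string {
	for _, s := range secrets {
		if s == "" {
			continue // never let an empty secret turn into a replace-everything rule
		}
		line = strings.ReplaceAll(line, s, "******")
	}
	return line
}

// findLeakedKeyIDs returns the 1-based line numbers of lines that still carry
// something shaped like an access key ID. Run it over historical bake logs to
// decide which credentials must be rotated.
func findLeakedKeyIDs(lines []string) []int {
	var hits []int
	for i, l := range lines {
		if accessKeyID.MatchString(l) {
			hits = append(hits, i+1)
		}
	}
	return hits
}

func main() {
	// Constructed log lines; the key pair is the AWS documentation placeholder.
	secrets := []string{"AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}
	bakeLog := []string{
		"packer build -var aws_access_key=AKIAIOSFODNN7EXAMPLE -var aws_secret_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY template.json",
		"amazon-ebs: Creating temporary keypair: packer_63bd0e1a",
		"amazon-ebs: AMI: ami-0123456789abcdef0",
	}
	fmt.Println("lines with leaked access key IDs:", findLeakedKeyIDs(bakeLog))
	for _, l := range bakeLog {
		fmt.Println(maskSecrets(l, secrets))
	}
}
```

Masking by value is the only approach that catches secret keys, which have no recognisable prefix; the regex scan is a triage tool for logs that were written before masking was in place, and a hit there means rotate, not just redact. Neither replaces the advisory's primary advice of IAM roles and short-lived credentials, which leaves nothing long-lived to leak in the first place.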
CVE-2023-0046 | 1 Daloradius | 1 Daloradius | 2023-01-10 | N/A | 7.2 HIGH |
Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch. | |||||
CVE-2022-44432 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 5.5 MEDIUM |
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | |||||
CVE-2022-44431 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 5.5 MEDIUM |
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | |||||
CVE-2022-44430 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 5.5 MEDIUM |
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | |||||
CVE-2022-45875 | 1 Apache | 1 Dolphinscheduler | 2023-01-10 | N/A | 9.8 CRITICAL |
Improper validation of script alert plugin parameters in Apache DolphinScheduler allows remote command execution. This issue affects Apache DolphinScheduler versions 3.0.1 and prior, and version 3.1.0 and prior. | |||||
CVE-2022-44442 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 5.5 MEDIUM |
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | |||||
CVE-2022-34669 | 2 Microsoft, Nvidia | 3 Windows, Cloud Gaming, Virtual Gpu | 2023-01-10 | N/A | 7.8 HIGH |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | |||||
CVE-2023-0048 | 1 Daloradius | 1 Daloradius | 2023-01-10 | N/A | 8.8 HIGH |
Code Injection in GitHub repository lirantal/daloradius prior to master-branch. |