Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42471 | 1 Fortinet | 1 Fortiweb | 2023-01-09 | N/A | 5.4 MEDIUM |
| An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers. | |||||
| CVE-2022-32637 | 2 Google, Mediatek | 12 Android, Mt6781, Mt6785 and 9 more | 2023-01-09 | N/A | 6.7 MEDIUM |
| In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07491374; Issue ID: ALPS07491374. | |||||
| CVE-2022-32636 | 2 Google, Mediatek | 51 Android, Mt6580, Mt6731 and 48 more | 2023-01-09 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064. | |||||
| CVE-2022-32635 | 2 Google, Mediatek | 49 Android, Mt6580, Mt6735 and 46 more | 2023-01-09 | N/A | 7.8 HIGH |
| In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573237. | |||||
| CVE-2022-41336 | 1 Fortinet | 1 Fortiportal | 2023-01-09 | N/A | 4.8 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter. | |||||
| CVE-2022-39947 | 1 Fortinet | 1 Fortiadc | 2023-01-09 | N/A | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2022-39041 | 1 Aenrich | 1 A\+hrd | 2023-01-09 | N/A | 9.8 CRITICAL |
| aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | |||||
| CVE-2022-39042 | 1 Aenrich | 1 A\+hrd | 2023-01-09 | N/A | 9.8 CRITICAL |
| aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service. | |||||
| CVE-2022-40740 | 1 Realtek | 2 Usdk, Xpon Software Development Kit | 2023-01-09 | N/A | 7.2 HIGH |
| Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. | |||||
| CVE-2022-41645 | 1 Fujielectric | 1 V-server | 2023-01-09 | N/A | 7.8 HIGH |
| Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file. | |||||
| CVE-2022-43448 | 1 Fujielectric | 2 Tellus, V-sft | 2023-01-09 | N/A | 7.8 HIGH |
| Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TELLUS v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted image file. | |||||
| CVE-2022-46306 | 1 Changingtec | 1 Servisign | 2023-01-09 | N/A | 7.8 HIGH |
| ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service. | |||||
| CVE-2022-4871 | 1 Nflpick-em | 1 Nflpick-em | 2023-01-09 | N/A | 7.2 HIGH |
| A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The name of the patch is dd77a35942f527ea0beef5e0ec62b92e8b93211e. It is recommended to apply a patch to fix this issue. VDB-217270 is the identifier assigned to this vulnerability. NOTE: JSON entrypoint is only accessible via an admin account | |||||
| CVE-2023-0038 | 1 Ays-pro | 1 Survey Maker | 2023-01-09 | N/A | 6.1 MEDIUM |
| The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page. | |||||
| CVE-2022-22536 | 1 Sap | 3 Content Server, Netweaver Application Server Abap, Web Dispatcher | 2023-01-09 | 10.0 HIGH | 10.0 CRITICAL |
| SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. | |||||
| CVE-2013-10007 | 1 Wp-print-friendly Project | 1 Wp Print Friendly | 2023-01-09 | N/A | 7.5 HIGH |
| A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able to address this issue. The name of the patch is 437787292670c20b4abe20160ebbe8428187f2b4. It is recommended to upgrade the affected component. The identifier VDB-217269 was assigned to this vulnerability. | |||||
| CVE-2021-20784 | 1 Voidtools | 1 Everything | 2023-01-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecified vectors. | |||||
| CVE-2012-10002 | 1 Rivettracker Project | 1 Rivettracker | 2023-01-09 | N/A | 6.1 MEDIUM |
| A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The name of the patch is 45a0f33876d58cb7e4a0f17da149e58fc893b858. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217267. | |||||
| CVE-2022-32623 | 2 Google, Mediatek | 9 Android, Mt6789, Mt6855 and 6 more | 2023-01-09 | N/A | 6.7 MEDIUM |
| In mdp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342114; Issue ID: ALPS07342114. | |||||
| CVE-2022-46304 | 1 Changingtec | 1 Servisign | 2023-01-09 | N/A | 8.8 HIGH |
| ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service. | |||||