Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-37787 | 1 Wecube-platform Project | 1 Wecube-platform | 2023-01-09 | N/A | 6.1 MEDIUM |
An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page. | |||||
CVE-2022-37786 | 1 Wecube-platform Project | 1 Wecube-platform | 2023-01-09 | N/A | 6.3 MEDIUM |
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home / Admin / Resources] page, the [Home / Admin / System Params] page, and the [Home / Design / Basekey Configuration] page. | |||||
CVE-2021-46856 | 1 Huawei | 2 Emui, Harmonyos | 2023-01-09 | N/A | 7.5 HIGH |
The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-47952 | 1 Linuxcontainers | 1 Lxc | 2023-01-09 | N/A | 3.3 LOW |
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist. | |||||
CVE-2021-41823 | 1 Kemptechnologies | 1 Web Application Firewall | 2023-01-09 | N/A | 6.1 MEDIUM |
The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism. | |||||
CVE-2018-25061 | 1 Rgb2hex Project | 1 Rgb2hex | 2023-01-09 | N/A | 7.5 HIGH |
A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The name of the patch is 9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217151. | |||||
CVE-2017-20160 | 1 Flitto | 1 Express-param | 2023-01-09 | N/A | 9.8 CRITICAL |
A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is db94f7391ad0a16dcfcba8b9be1af385b25c42db. It is recommended to upgrade the affected component. The identifier VDB-217149 was assigned to this vulnerability. | |||||
CVE-2014-125027 | 1 Tbdev Project | 1 Tbdev | 2023-01-09 | N/A | 6.1 MEDIUM |
A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.18 is able to address this issue. The name of the patch is 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217147. | |||||
CVE-2022-37785 | 1 Wecube-platform Project | 1 Wecube-platform | 2023-01-09 | N/A | 7.5 HIGH |
An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configuration for terminal plugins. | |||||
CVE-2017-20159 | 1 Keynote Project | 1 Keynote | 2023-01-09 | N/A | 6.1 MEDIUM |
A vulnerability was found in rf Keynote up to 0.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier assigned to this vulnerability. | |||||
CVE-2017-20158 | 1 Yii2 Fileapi Widget Project | 1 Yii2 Fileapi Widget | 2023-01-09 | N/A | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The name of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the affected component. The identifier VDB-217141 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2022-48195 | 1 Mellium | 1 Sasl | 2023-01-09 | N/A | 9.8 CRITICAL |
An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication. | |||||
CVE-2022-46173 | 1 Elrond | 1 Elrond Go | 2023-01-09 | N/A | 6.5 MEDIUM |
Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between the transaction caches and the processing component. If the above-mentioned transaction was sent with more gas than required, the smart contract result (SCR transaction) that should have returned the leftover gas, would have been wrongly added to a cache that the processing unit did not consider. The node stopped notarizing metachain blocks. The fix was actually to extend the SCR transaction search in all other caches if it wasn't found in the correct (expected) sharded-cache. There are no known workarounds at this time. This issue has been patched in version 1.3.50. | |||||
CVE-2022-45883 | | | 2023-01-09 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | |||||
CVE-2020-7118 | | | 2023-01-07 | N/A | N/A |
CVE was unused by HPE. | |||||
CVE-2020-7112 | | | 2023-01-07 | N/A | N/A |
CVE was unused by HPE. | |||||
CVE-2020-24645 | | | 2023-01-07 | N/A | N/A |
CVE was unused by HPE. | |||||
CVE-2020-24644 | | | 2023-01-07 | N/A | N/A |
CVE was unused by HPE. | |||||
CVE-2020-24643 | | | 2023-01-07 | N/A | N/A |
CVE was unused by HPE. | |||||
CVE-2020-24642 | | | 2023-01-07 | N/A | N/A |
CVE was unused by HPE. |