Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46883 | 1 Mozilla | 1 Firefox | 2023-01-04 | N/A | 8.8 HIGH |
| Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.<br />*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 107. This vulnerability affects Firefox < 107. | |||||
| CVE-2022-46171 | 1 Tauri | 1 Tauri | 2023-01-04 | N/A | 7.7 HIGH |
| Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication. | |||||
| CVE-2022-46882 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-04 | N/A | 9.8 CRITICAL |
| A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. | |||||
| CVE-2022-23547 | 1 Pjsip | 1 Pjsip | 2023-01-04 | N/A | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch. | |||||
| CVE-2020-36629 | 1 Httpster Project | 1 Httpster | 2023-01-04 | N/A | 7.5 HIGH |
| A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748. | |||||
| CVE-2022-45721 | 1 Ip-com | 2 M50, M50 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function. | |||||
| CVE-2022-45720 | 1 Ip-com | 2 M50, M50 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters in the formIPMacBindModify function. | |||||
| CVE-2022-45719 | 1 Ip-com | 2 M50, M50 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAuth function. | |||||
| CVE-2022-45718 | 1 Ip-com | 2 M50, M50 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formIPMacBindAdd function. | |||||
| CVE-2022-45717 | 1 Ip-com | 2 M50, M50 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request. | |||||
| CVE-2022-45716 | 1 Ip-com | 2 M50, M50 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function. | |||||
| CVE-2022-4735 | 1 Dash-live Project | 1 Dash-live | 2023-01-04 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in asrashley dash-live. This vulnerability affects the function ready of the file static/js/media.js of the component DOM Node Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 24d01757a5319cc14c4aa1d8b53d1ab24d48e451. It is recommended to apply a patch to fix this issue. VDB-216766 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-37706 | 1 Enlightenment | 1 Enlightenment | 2023-01-04 | N/A | 7.8 HIGH |
| enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring. | |||||
| CVE-2022-4731 | 1 Myapnea | 1 Myapnea | 2023-01-04 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in myapnea up to 29.0.x. Affected is an unknown function of the component Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 29.1.0 is able to address this issue. The name of the patch is 99934258530d761bd5d09809bfa6c14b598f8d18. It is recommended to upgrade the affected component. VDB-216750 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-4277 | 1 Utils Project | 1 Utils | 2023-01-04 | N/A | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability. | |||||
| CVE-2022-28229 | 1 Userver | 1 Userver | 2023-01-04 | N/A | 7.5 HIGH |
| The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via crafted HTTP request, involving collisions. | |||||
| CVE-2022-47946 | 1 Linux | 1 Linux Kernel | 2023-01-04 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq. | |||||
| CVE-2022-47633 | 1 Kyverno | 1 Kyverno | 2023-01-04 | N/A | 8.1 HIGH |
| An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations are available for impacted releases. | |||||
| CVE-2022-23551 | 1 Microsoft | 1 Azure Ad Pod Identity | 2023-01-04 | N/A | 5.3 MEDIUM |
| aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn't have access to. This issue has been fixed and has been included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release. | |||||
| CVE-2022-45416 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-04 | N/A | 6.5 MEDIUM |
| Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||