Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4515 | 2 Debian, Exuberant Ctags Project | 2 Debian Linux, Exuberant Ctags | 2023-01-03 | N/A | 7.8 HIGH |
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. | |||||
CVE-2022-28389 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2023-01-03 | 2.1 LOW | 5.5 MEDIUM |
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | |||||
CVE-2021-3748 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-01-03 | 6.9 MEDIUM | 7.5 HIGH |
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. | |||||
CVE-2022-23542 | 1 Openfga | 1 Openfga | 2023-01-03 | N/A | 9.8 CRITICAL |
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible. | |||||
CVE-2022-28388 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2023-01-03 | 2.1 LOW | 5.5 MEDIUM |
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | |||||
CVE-2022-3491 | 1 Vim | 1 Vim | 2023-01-03 | N/A | 7.8 HIGH |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | |||||
CVE-2022-29915 | 1 Mozilla | 1 Firefox | 2023-01-03 | N/A | 4.3 MEDIUM |
The Performance API did not properly hide whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100. | |||||
CVE-2022-42949 | 1 Silverstripe | 1 Subsites | 2023-01-03 | N/A | 7.5 HIGH |
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions. | |||||
CVE-2022-25893 | 1 Vm2 Project | 1 Vm2 | 2023-01-03 | N/A | 9.8 CRITICAL |
The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise. | |||||
CVE-2022-25895 | 1 Lite-dev-server Project | 1 Lite-dev-server | 2023-01-03 | N/A | 7.5 HIGH |
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. | |||||
CVE-2022-47635 | 1 Wildix | 1 Wms | 2023-01-03 | N/A | 9.8 CRITICAL |
Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php. | |||||
CVE-2022-37310 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-01-03 | N/A | 6.1 MEDIUM |
OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. | |||||
CVE-2022-37309 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-01-03 | N/A | 6.1 MEDIUM |
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. | |||||
CVE-2022-37308 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-01-03 | N/A | 6.1 MEDIUM |
OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. | |||||
CVE-2022-31469 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-01-03 | N/A | 6.1 MEDIUM |
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI. | |||||
CVE-2022-4738 | 1 Blood Bank Management System Project | 1 Blood Bank Management System | 2023-01-03 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic has been found in SourceCodester Blood Bank Management System 1.0. Affected is an unknown function of the file index.php?page=users of the component User Registration Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-216774 is the identifier assigned to this vulnerability. | |||||
CVE-2022-43830 | | | 2022-12-31 | N/A | N/A |
To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
CVE-2022-43829 | | | 2022-12-31 | N/A | N/A |
To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
CVE-2022-43828 | | | 2022-12-31 | N/A | N/A |
To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. | |||||
CVE-2022-43827 | | | 2022-12-31 | N/A | N/A |
To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |