Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45413 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-30 | N/A | 6.1 MEDIUM |
Using the `S.browser_fallback_url` parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. *This issue only affects Firefox for Android. Other operating systems are not affected.* This vulnerability affects Firefox < 107. | |||||
CVE-2022-42930 | 1 Mozilla | 1 Firefox | 2022-12-30 | N/A | 7.1 HIGH |
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106. | |||||
CVE-2022-3155 | 2 Apple, Mozilla | 2 Macos, Thunderbird | 2022-12-30 | N/A | 7.8 HIGH |
When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3. | |||||
CVE-2022-29916 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 6.5 MEDIUM |
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
CVE-2022-47524 | 1 F-secure | 1 Safe | 2022-12-30 | N/A | 5.4 MEDIUM |
F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack. | |||||
CVE-2022-29917 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-30 | N/A | 9.8 CRITICAL |
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
CVE-2022-47931 | 1 Iofinnet | 1 Tss-lib | 2022-12-30 | N/A | 9.1 CRITICAL |
IO FinNet tss-lib before 2.0.0 allows a collision of hash values. | |||||
CVE-2022-38658 | 2 Hcltech, Microsoft | 2 Bigfix Server Automation, Windows | 2022-12-30 | N/A | 7.5 HIGH |
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed. | |||||
CVE-2022-47934 | 1 Brave | 1 Brave | 2022-12-30 | N/A | 6.5 MEDIUM |
Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934. | |||||
CVE-2022-47933 | 1 Brave | 1 Brave | 2022-12-30 | N/A | 6.5 MEDIUM |
Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc. | |||||
CVE-2022-44381 | 1 Snipeitapp | 1 Snipe-it | 2022-12-30 | N/A | 5.3 MEDIUM |
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request. | |||||
CVE-2022-44380 | 1 Snipeitapp | 1 Snipe-it | 2022-12-30 | N/A | 5.4 MEDIUM |
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. | |||||
CVE-2022-47932 | 1 Brave | 1 Brave | 2022-12-30 | N/A | 6.5 MEDIUM |
Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933. | |||||
CVE-2022-44012 | 1 Simmeth | 1 Lieferantenmanager | 2022-12-30 | N/A | 5.4 MEDIUM |
An issue was discovered in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be decrypted. | |||||
CVE-2022-44016 | 1 Simmeth | 1 Lieferantenmanager | 2022-12-30 | N/A | 7.5 HIGH |
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\\"' value. | |||||
CVE-2022-44014 | 1 Simmeth | 1 Lieferantenmanager | 2022-12-30 | N/A | 6.5 MEDIUM |
An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab. | |||||
CVE-2022-44013 | 1 Simmeth | 1 Lieferantenmanager | 2022-12-30 | N/A | 9.1 CRITICAL |
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked. | |||||
CVE-2022-25948 | 1 Liquidjs | 1 Liquidjs | 2022-12-30 | N/A | 5.3 MEDIUM |
The package liquidjs before 10.0.0 is vulnerable to Information Exposure when the ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround: for versions 9.34.0 and higher, an option to disable this functionality is provided. | |||||
CVE-2022-46421 | 1 Apache | 1 Apache-airflow-providers-apache-hive | 2022-12-30 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 5.0.0. | |||||
CVE-2022-46492 | 1 Nbnbk Project | 1 Nbnbk | 2022-12-30 | N/A | 6.5 MEDIUM |
nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary. |