Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4665 | 1 Ampache | 1 Ampache | 2022-12-30 | N/A | 8.8 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6. | |||||
CVE-2021-32692 | 2 Activitywatch, Apple | 2 Activitywatch, Macos | 2022-12-30 | N/A | 9.6 CRITICAL |
Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visit a website with the page title set to a malicious string. An attacker could use another application to accomplish the same, but the web browser is the most likely attack vector. This issue is patched in version 0.11.0. As a workaround, users can run the latest version of aw-watcher-window from source, or manually patch the `printAppTitle.scpt` file. | |||||
CVE-2022-46491 | 1 Nbnbk Project | 1 Nbnbk | 2022-12-30 | N/A | 6.5 MEDIUM |
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts. | |||||
CVE-2022-46282 | 1 Omron | 1 Cx-drive | 2022-12-30 | N/A | 7.8 HIGH |
Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user open a specially crafted file. | |||||
CVE-2022-44449 | 1 Zenphoto | 1 Zenphoto | 2022-12-30 | N/A | 4.8 MEDIUM |
Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script. | |||||
CVE-2022-24431 | 1 Abacus-ext-cmdline Project | 1 Abacus-ext-cmdline | 2022-12-30 | N/A | 9.8 CRITICAL |
All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization. | |||||
CVE-2022-4632 | 1 Auto Upload Images Project | 1 Auto Upload Images | 2022-12-30 | N/A | 6.1 MEDIUM |
A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. The identifier VDB-216481 was assigned to this vulnerability. | |||||
CVE-2021-4274 | 1 Bird-lg Project | 1 Bird-lg | 2022-12-30 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, has been found in sileht bird-lg. This issue affects some unknown processing of the file templates/layout.html. The manipulation of the argument request_args leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ef6b32c527478fefe7a4436e10b96ee28ed5b308. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216479. | |||||
CVE-2021-4273 | 1 Studygolang | 1 Studygolang | 2022-12-30 | N/A | 6.1 MEDIUM |
A vulnerability classified as problematic was found in studygolang. This vulnerability affects the function Search of the file http/controller/search.go. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 97ba556d42fa89dfaa7737e9cd3a8ddaf670bb23. It is recommended to apply a patch to fix this issue. VDB-216478 is the identifier assigned to this vulnerability. | |||||
CVE-2021-4271 | 1 W2wiki Project | 1 W2wiki | 2022-12-30 | N/A | 6.1 MEDIUM |
A vulnerability was found in panicsteve w2wiki. It has been rated as problematic. Affected by this issue is the function toHTML of the file index.php of the component Markdown Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 8f1d0470b4ddb1c7699e3308e765c11ed29542b6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216476. | |||||
CVE-2022-47928 | 1 Misp-project | 1 Malware Information Sharing Platform | 2022-12-30 | N/A | 6.1 MEDIUM |
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp. | |||||
CVE-2022-46493 | 1 Nbnbk Project | 1 Nbnbk | 2022-12-30 | N/A | 9.8 CRITICAL |
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img. | |||||
CVE-2022-4633 | 1 Auto Upload Images Project | 1 Auto Upload Images | 2022-12-30 | N/A | 8.8 HIGH |
A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 895770ee93887ec78429c78ffdfb865bee6f9436. It is recommended to upgrade the affected component. VDB-216482 is the identifier assigned to this vulnerability. | |||||
CVE-2022-23513 | 1 Pi-hole | 1 Adminlte | 2022-12-30 | N/A | 5.3 MEDIUM |
Pi-hole is network-wide ad blocking via your own Linux hardware; AdminLTE is a Pi-hole dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on the `queryads` endpoint. In the application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php`. Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure of any victim's personal blacklists. | |||||
CVE-2022-23539 | 1 Auth0 | 1 Jsonwebtoken | 2022-12-30 | N/A | 8.1 HIGH |
Versions `<=8.5.1` of the `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed; please update to version 9.0.0. This version validates asymmetric key type and algorithm combinations. Please refer to the above-mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue signing or verifying tokens using invalid key type/algorithm combinations, you'll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions. | |||||
CVE-2022-43599 | 1 Openimageio Project | 1 Openimageio | 2022-12-30 | N/A | 8.1 HIGH |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`. | |||||
CVE-2022-43598 | 1 Openimageio Project | 1 Openimageio | 2022-12-30 | N/A | 8.1 HIGH |
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`. | |||||
CVE-2022-43597 | 1 Openimageio Project | 1 Openimageio | 2022-12-30 | N/A | 8.1 HIGH |
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`. | |||||
CVE-2022-43600 | 1 Openimageio Project | 1 Openimageio | 2022-12-30 | N/A | 8.1 HIGH |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`. | |||||
CVE-2022-43602 | 1 Openimageio Project | 1 Openimageio | 2022-12-30 | N/A | 8.1 HIGH |
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `ymax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`. | |||||