Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3184 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2022-12-28 | N/A | 9.8 CRITICAL |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory. | |||||
| CVE-2022-3876 | 1 Clickstudios | 1 Passwordstate | 2022-12-28 | N/A | 6.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability. | |||||
| CVE-2022-38655 | 1 Hcltech | 1 Bigfix Webui | 2022-12-28 | N/A | 5.8 MEDIUM |
| BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. | |||||
| CVE-2022-42454 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2022-12-28 | N/A | 5.3 MEDIUM |
| Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access. | |||||
| CVE-2022-3183 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2022-12-28 | N/A | 9.8 CRITICAL |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability. | |||||
| CVE-2022-44756 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2022-12-28 | N/A | 6.5 MEDIUM |
| Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access. | |||||
| CVE-2022-3186 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2022-12-28 | N/A | 7.5 HIGH |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information. | |||||
| CVE-2022-47581 | 1 Isode | 1 M-vault | 2022-12-28 | N/A | 7.5 HIGH |
| Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request. | |||||
| CVE-2022-4287 | 1 Devolutions | 1 Remote Desktop Manager | 2022-12-28 | N/A | 8.8 HIGH |
| Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malicious user to access the application. | |||||
| CVE-2022-40841 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2022-12-28 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes" parameter. | |||||
| CVE-2022-4630 | 1 Daloradius | 1 Daloradius | 2022-12-28 | N/A | 5.3 MEDIUM |
| Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. | |||||
| CVE-2021-4268 | 1 Phpredisadmin Project | 1 Phpredisadmin | 2022-12-28 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as problematic, was found in phpRedisAdmin up to 1.17.3. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.18.0 is able to address this issue. The name of the patch is b9039adbb264c81333328faa9575ecf8e0d2be94. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216471. | |||||
| CVE-2021-4266 | 1 Hitachi | 1 Community Plugin Framework | 2022-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. The manipulation of the argument baseUrl leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 9.5.0.0-81 is able to address this issue. The name of the patch is 3bff900d228e8cae3af256b447c5d15bdb03c174. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216468. | |||||
| CVE-2021-4264 | 1 Linkedin | 1 Dustjs | 2022-12-28 | N/A | 8.8 HIGH |
| A vulnerability was found in LinkedIn dustjs up to 2.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is ddb6523832465d38c9d80189e9de60519ac307c3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216464. | |||||
| CVE-2022-3185 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2022-12-28 | N/A | 5.3 MEDIUM |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device. | |||||
| CVE-2020-36623 | 1 Pengu Project | 1 Pengu | 2022-12-28 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475. | |||||
| CVE-2020-36622 | 1 Bienlein Project | 1 Bienlein | 2022-12-28 | N/A | 6.5 MEDIUM |
| A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability. | |||||
| CVE-2022-3189 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2022-12-28 | N/A | 5.3 MEDIUM |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a request to the host or IP specified in the changed host parameter. | |||||
| CVE-2020-36620 | 1 Enumstringvalues Project | 1 Enumstringvalues | 2022-12-28 | N/A | 7.5 HIGH |
| A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.1 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability. | |||||
| CVE-2020-36621 | 1 Whatismyudid Project | 1 Whatismyudid | 2022-12-28 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in chedabob whatismyudid. Affected by this issue is the function exports.enrollment of the file routes/mobileconfig.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is bb33d4325fba80e7ea68b79121dba025caf6f45f. It is recommended to apply a patch to fix this issue. VDB-216470 is the identifier assigned to this vulnerability. | |||||