Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35266 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-12-22 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_firmware/` API. | |||||
CVE-2022-35264 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-12-22 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_aaa_cert_file/` API. | |||||
CVE-2022-35263 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-12-22 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_file/` API. | |||||
CVE-2022-35262 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-12-22 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_xml_file/` API. | |||||
CVE-2022-35261 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-12-22 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_authorized_keys/` API. | |||||
CVE-2017-1000367 | 1 Sudo Project | 1 Sudo | 2022-12-22 | 6.9 MEDIUM | 6.4 MEDIUM |
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation issue (embedded spaces) in the get_process_ttyname() function, resulting in information disclosure and command execution. | |||||
CVE-2022-4125 | 1 Popup Manager Project | 1 Popup Manager | 2022-12-22 | N/A | 4.3 MEDIUM |
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well. | |||||
CVE-2022-4124 | 1 Popup Manager Project | 1 Popup Manager | 2022-12-22 | N/A | 4.3 MEDIUM |
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them | |||||
CVE-2022-3937 | 1 Noorsplugin | 1 Easy Video Player | 2022-12-22 | N/A | 5.4 MEDIUM |
The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | |||||
CVE-2022-3832 | 1 External Media Project | 1 External Media | 2022-12-22 | N/A | 4.8 MEDIUM |
The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-4058 | 1 10web | 1 Photo Gallery | 2022-12-22 | N/A | 5.4 MEDIUM |
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in JS code later on in another page, which could lead to a Stored XSS issue when an attacker makes a logged-in admin open a malicious URL or page under their control. | |||||
CVE-2022-4050 | 1 Beardev | 1 Joomsport | 2022-12-22 | N/A | 9.8 CRITICAL |
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users | |||||
CVE-2022-3961 | 1 Wpwax | 1 Directorist | 2022-12-22 | N/A | 6.5 MEDIUM |
The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information. | |||||
CVE-2022-3985 | 1 Wphowto | 1 Videojs Html5 Player | 2022-12-22 | N/A | 5.4 MEDIUM |
The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | |||||
CVE-2022-3984 | 1 Wphowto | 1 Flowplayer Video Player | 2022-12-22 | N/A | 5.4 MEDIUM |
The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | |||||
CVE-2022-3983 | 1 Noorsplugin | 1 Checkout For Paypal | 2022-12-22 | N/A | 5.4 MEDIUM |
The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | |||||
CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2022-12-22 | N/A | 6.5 MEDIUM |
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF checks when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts). | |||||
CVE-2022-3987 | 1 Noorsplugin | 1 Responsive Lightbox2 | 2022-12-22 | N/A | 5.4 MEDIUM |
The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | |||||
CVE-2022-3986 | 1 Noorsplugin | 1 Wp Stripe Checkout | 2022-12-22 | N/A | 5.4 MEDIUM |
The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | |||||
CVE-2022-46288 | 1 Jacic | 1 Electronic Bidding Core System | 2022-12-22 | N/A | 6.1 MEDIUM |
Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. |