Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37401 | 1 Apache | 1 Openoffice | 2022-12-20 | N/A | 8.8 HIGH |
| Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice | |||||
| CVE-2022-20515 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-220733496 | |||||
| CVE-2022-20527 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In HalCoreCallback of halcore.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229994861 | |||||
| CVE-2022-4513 | 1 Eea | 1 Eionet Content Registry | 2022-12-20 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. This issue affects some unknown processing. The manipulation of the argument searchTag/resourceUri leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2022-06-27T0948 is able to address this issue. The name of the patch is a120c2153e263e62c4db34a06ab96a9f1c6bccb6. It is recommended to upgrade the affected component. The identifier VDB-215885 was assigned to this vulnerability. | |||||
| CVE-2022-4511 | 1 Docsys Project | 1 Docsys | 2022-12-20 | N/A | 7.5 HIGH |
| A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851. | |||||
| CVE-2022-20514 | 1 Google | 1 Android | 2022-12-20 | N/A | 6.7 MEDIUM |
| In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245727875 | |||||
| CVE-2022-20513 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.5 MEDIUM |
| In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569759 | |||||
| CVE-2022-20526 | 1 Google | 1 Android | 2022-12-20 | N/A | 3.3 LOW |
| In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229742774 | |||||
| CVE-2022-20528 | 1 Google | 1 Android | 2022-12-20 | N/A | 3.3 LOW |
| In findParam of HevcUtils.cpp there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230172711 | |||||
| CVE-2022-20529 | 1 Google | 1 Android | 2022-12-20 | N/A | 2.4 LOW |
| In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603 | |||||
| CVE-2022-20530 | 1 Google | 1 Android | 2022-12-20 | N/A | 5.3 MEDIUM |
| In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645 | |||||
| CVE-2022-20533 | 1 Google | 1 Android | 2022-12-20 | N/A | 3.3 LOW |
| In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363 | |||||
| CVE-2022-37018 | 1 Hp | 150 Elite Slice, Elite Slice Firmware, Elite X2 1012 G1 and 147 more | 2022-12-20 | N/A | 8.4 HIGH |
| A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability. | |||||
| CVE-2022-3590 | 1 Wordpress | 1 Wordpress | 2022-12-20 | N/A | 5.9 MEDIUM |
| WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. | |||||
| CVE-2022-3481 | 1 Opmc | 1 Woocommerce Dropshipping | 2022-12-20 | N/A | 9.8 CRITICAL |
| The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection | |||||
| CVE-2022-4579 | 2022-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | |||||
| CVE-2022-35253 | 2022-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | |||||
| CVE-2022-46870 | 1 Apache | 1 Zeppelin | 2022-12-20 | N/A | 5.4 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary javascript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin. | |||||
| CVE-2022-41962 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-12-20 | N/A | 2.7 LOW |
| BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1There are no workarounds. | |||||
| CVE-2022-41961 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-12-20 | N/A | 4.3 MEDIUM |
| BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered users from the same extId. This issue has been fixed by improving permissions such that banning a user removes all users related to their extId, including registered users that have not joined the meeting. This issue is patched in versions 2.4-rc-6 and 2.5-alpha-1. There are no workarounds. | |||||