Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-24855 | 1 Easyjs | 1 Easywebpack-cli | 2022-12-20 | N/A | 5.3 MEDIUM |
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request. | |||||
CVE-2022-23526 | 1 Helm | 1 Helm | 2022-12-20 | N/A | 7.5 HIGH |
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions. | |||||
CVE-2022-31700 | 2 Microsoft, Vmware | 4 Windows, Access, Cloud Foundation and 1 more | 2022-12-20 | N/A | 7.2 HIGH |
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | |||||
CVE-2022-31701 | 2 Linux, Vmware | 4 Linux Kernel, Access, Cloud Foundation and 1 more | 2022-12-20 | N/A | 5.3 MEDIUM |
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. | |||||
CVE-2022-4501 | 1 Topdigitaltrends | 1 Mega Addons For Wpbakery Page Builder | 2022-12-20 | N/A | 6.5 MEDIUM |
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings. | |||||
CVE-2020-4497 | 1 Ibm | 1 Spectrum Protect Plus | 2022-12-20 | N/A | 5.9 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106. | |||||
CVE-2022-32948 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2022-12-20 | N/A | 7.8 HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-45969 | 1 Alist Project | 1 Alist | 2022-12-19 | N/A | 9.8 CRITICAL |
Alist v3.4.0 is vulnerable to Directory Traversal, | |||||
CVE-2022-44236 | 1 Zed-3 | 1 Voip Simplicity Asg | 2022-12-19 | N/A | 9.8 CRITICAL |
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability. | |||||
CVE-2022-44235 | 1 Zed-3 | 1 Voip Simplicity Asg | 2022-12-19 | N/A | 6.1 MEDIUM |
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-44588 | 1 Blocksera | 1 Cryptocurrency Widgets Pack | 2022-12-19 | N/A | 9.8 CRITICAL |
Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress. | |||||
CVE-2022-45033 | 1 Expense Tracker Project | 1 Expense Tracker | 2022-12-19 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. | |||||
CVE-2022-42805 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2022-12-19 | N/A | 7.8 HIGH |
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-2536 | 1 Transposh | 1 Transposh Wordpress Translation | 2022-12-19 | N/A | 7.5 HIGH |
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461. Notes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab. However, this option is largely ignored, if Transposh has enabled its "autotranslate" feature (it's enabled by default) and the HTTP POST parameter "sr0" is larger than 0. This is caused by a faulty validation in "wp/transposh_db.php." | |||||
CVE-2022-23474 | 1 Codex | 1 Editor.js | 2022-12-19 | N/A | 6.1 MEDIUM |
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0. | |||||
CVE-2022-32531 | 1 Apache | 1 Bookkeeper | 2022-12-19 | N/A | 5.9 MEDIUM |
The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1. | |||||
CVE-2022-20540 | 1 Google | 1 Android | 2022-12-19 | N/A | 7.8 HIGH |
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506 | |||||
CVE-2022-20539 | 1 Google | 1 Android | 2022-12-19 | N/A | 6.7 MEDIUM |
In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425 | |||||
CVE-2022-20538 | 1 Google | 1 Android | 2022-12-19 | N/A | 5.5 MEDIUM |
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770 | |||||
CVE-2022-20541 | 1 Google | 1 Android | 2022-12-19 | N/A | 4.2 MEDIUM |
In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083126 |