Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4455 | 1 Php-calendar | 1 Php-calendar | 2022-12-19 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is recommended to apply a patch to fix this issue. The identifier VDB-215445 was assigned to this vulnerability. | |||||
| CVE-2022-4454 | 1 Bible-online Project | 1 Bible-online | 2022-12-19 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444. | |||||
| CVE-2019-25078 | 1 Pacparser Project | 1 Pacparser | 2022-12-19 | N/A | 7.8 HIGH |
| A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443. | |||||
| CVE-2022-40373 | 1 Feehi | 1 Feehicms | 2022-12-19 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file. | |||||
| CVE-2022-40002 | 1 Feehi | 1 Feehicms | 2022-12-19 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify. | |||||
| CVE-2022-40001 | 1 Feehi | 1 Feehicms | 2022-12-19 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page. | |||||
| CVE-2022-40000 | 1 Feehi | 1 Feehicms | 2022-12-19 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page. | |||||
| CVE-2021-39428 | 1 Eyoucms | 1 Eyoucms | 2022-12-19 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | |||||
| CVE-2022-4456 | 1 Fallingfruit | 1 Falling-fruit | 2022-12-19 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in falling-fruit and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. It is recommended to apply a patch to fix this issue. VDB-215446 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-31705 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2022-12-19 | N/A | 8.2 HIGH |
| VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | |||||
| CVE-2022-47406 | 1 Change Password For Frontend Users Project | 1 Change Password For Frontend Users | 2022-12-19 | N/A | 9.8 CRITICAL |
| An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed. | |||||
| CVE-2022-46768 | 1 Zabbix | 2 Web Service Report Generation, Zabbix-agent2 | 2022-12-19 | N/A | 5.9 MEDIUM |
| Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files. | |||||
| CVE-2022-2950 | 1 Altair | 1 Hyperview Player | 2022-12-19 | N/A | 7.8 HIGH |
| Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption. | |||||
| CVE-2022-32573 | 1 Lansweeper | 1 Lansweeper | 2022-12-19 | N/A | 8.8 HIGH |
| A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-29517 | 1 Lansweeper | 1 Lansweeper | 2022-12-19 | N/A | 8.8 HIGH |
| A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-27498 | 1 Lansweeper | 1 Lansweeper | 2022-12-19 | N/A | 6.5 MEDIUM |
| A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-29511 | 1 Lansweeper | 1 Lansweeper | 2022-12-19 | N/A | 6.5 MEDIUM |
| A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-28703 | 1 Lansweeper | 1 Lansweeper | 2022-12-19 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-4390 | 1 Netgear | 2 Ax2400, Ax2400 Firmware | 2022-12-19 | N/A | 10.0 CRITICAL |
| A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network. | |||||
| CVE-2022-45937 | 1 Siemens | 18 Pxc00-e96.a, Pxc00-e96.a Firmware, Pxc100-e96.a and 15 more | 2022-12-19 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials. | |||||