Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36572 | 1 Feehi | 1 Feehicms | 2022-12-19 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via the user name field of the login page. | |||||
| CVE-2022-32763 | 1 Lansweeper | 1 Lansweeper | 2022-12-19 | N/A | 6.1 MEDIUM |
| A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-2951 | 1 Altair | 1 Hyperview Player | 2022-12-19 | N/A | 7.8 HIGH |
| Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of array index vulnerability during processing of H3D files. A DWORD value from a PoC file is extracted and used as an index to write to a buffer, leading to memory corruption. | |||||
| CVE-2022-3532 | 2022-12-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-3531 | 2022-12-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-36573 | 1 Feehi | 1 Feehicms | 2022-12-16 | N/A | 5.4 MEDIUM |
| File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload. | |||||
| CVE-2020-36607 | 1 Feehi | 1 Feehicms | 2022-12-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag. | |||||
| CVE-2020-20589 | 1 Feehi | 1 Feehicms | 2022-12-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remote attackers to run arbitrary code via tha lang attribute of an html tag. | |||||
| CVE-2022-20463 | 2022-12-16 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2022-4410 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2022-12-16 | N/A | 5.4 MEDIUM |
| The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts. | |||||
| CVE-2022-47408 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2022-12-16 | N/A | 9.1 CRITICAL |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people. | |||||
| CVE-2022-47411 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2022-12-16 | N/A | 7.5 HIGH |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations. | |||||
| CVE-2022-47410 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2022-12-16 | N/A | 7.5 HIGH |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations. | |||||
| CVE-2022-47409 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2022-12-16 | N/A | 7.5 HIGH |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations. | |||||
| CVE-2022-23519 | 1 Rails Html Sanitizer Project | 1 Rails Html Sanitizer | 2022-12-16 | N/A | 6.1 MEDIUM |
| rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags. | |||||
| CVE-2022-2949 | 1 Altair | 1 Hyperview Player | 2022-12-16 | N/A | 7.8 HIGH |
| Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption. | |||||
| CVE-2022-2947 | 1 Altair | 1 Hyperview Player | 2022-12-16 | N/A | 7.8 HIGH |
| Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation. | |||||
| CVE-2022-3110 | 1 Linux | 1 Linux Kernel | 2022-12-16 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference. | |||||
| CVE-2022-3108 | 1 Linux | 1 Linux Kernel | 2022-12-16 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). | |||||
| CVE-2022-23520 | 1 Rails Html Sanitizer Project | 1 Rails Html Sanitizer | 2022-12-16 | N/A | 6.1 MEDIUM |
| rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize. | |||||