Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45689 | 1 Hutool | 1 Hutool | 2022-12-15 | N/A | 7.5 HIGH |
hutool-json v5.8.10 was discovered to contain an out of memory error. | |||||
CVE-2022-41089 | 1 Microsoft | 11 .net, Windows 10, Windows 11 and 8 more | 2022-12-15 | N/A | 8.8 HIGH |
.NET Framework Remote Code Execution Vulnerability. | |||||
CVE-2022-41076 | 1 Microsoft | 11 Powershell, Windows 10, Windows 11 and 8 more | 2022-12-15 | N/A | 8.5 HIGH |
PowerShell Remote Code Execution Vulnerability. | |||||
CVE-2022-41121 | 1 Microsoft | 12 Powershell, Remote Desktop, Windows 10 and 9 more | 2022-12-15 | N/A | 7.8 HIGH |
Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44671, CVE-2022-44680, CVE-2022-44697. | |||||
CVE-2022-41115 | 1 Microsoft | 1 Edge Chromium | 2022-12-15 | N/A | 6.6 MEDIUM |
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability. | |||||
CVE-2022-46351 | 1 Siemens | 10 6gk5204-0ba00-2kb2, 6gk5204-0ba00-2kb2 Firmware, 6gk5204-0ba00-2mb2 and 7 more | 2022-12-15 | N/A | 5.5 MEDIUM |
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). | |||||
CVE-2022-23505 | 1 Auth0 | 1 Passport-wsfed-saml2 | 2022-12-15 | N/A | 7.5 HIGH |
Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary IDP signed assertion. Depending on the IDP used, fully unauthenticated attacks (e.g., without access to a valid user) might also be feasible if generation of a signed message can be triggered. This issue is patched in version 4.6.3. Use of SAML2 authentication instead of WSFed is a workaround. | |||||
CVE-2022-45957 | 1 Zte | 2 Zxhn-h108ns, Zxhn-h108ns Firmware | 2022-12-15 | N/A | 7.5 HIGH |
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow. | |||||
CVE-2022-24480 | 1 Microsoft | 1 Outlook | 2022-12-15 | N/A | 6.8 MEDIUM |
Outlook for Android Elevation of Privilege Vulnerability. | |||||
CVE-2022-46364 | 1 Apache | 1 Cxf | 2022-12-15 | N/A | 9.8 CRITICAL |
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | |||||
CVE-2022-46350 | 1 Siemens | 10 6gk5204-0ba00-2kb2, 6gk5204-0ba00-2kb2 Firmware, 6gk5204-0ba00-2mb2 and 7 more | 2022-12-15 | N/A | 6.1 MEDIUM |
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device. | |||||
CVE-2022-46062 | 1 Gym Management System Project | 1 Gym Management System | 2022-12-15 | N/A | 4.5 MEDIUM |
Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | |||||
CVE-2022-46265 | 1 Siemens | 1 Polarion Alm | 2022-12-15 | N/A | 6.1 MEDIUM |
A vulnerability has been identified in Polarion ALM (All versions). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof Host header information and redirect users to malicious websites. | |||||
CVE-2022-45936 | 1 Siemens | 1 Mendix Email Connector | 2022-12-15 | N/A | 8.1 HIGH |
A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information. | |||||
CVE-2022-46834 | 1 Sick | 14 Rfu650-10100, Rfu650-10100 Firmware, Rfu650-10101 and 11 more | 2022-12-15 | N/A | 6.5 MEDIUM |
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
CVE-2022-46833 | 1 Sick | 48 Rfu630-04100, Rfu630-04100 Firmware, Rfu630-04100s01 and 45 more | 2022-12-15 | N/A | 6.5 MEDIUM |
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||
CVE-2021-40465 | 1 Microsoft | 11 Windows 10, Windows 11 21h2, Windows 7 and 8 more | 2022-12-15 | 6.8 MEDIUM | 7.8 HIGH |
Windows Text Shaping Remote Code Execution Vulnerability | |||||
CVE-2021-40463 | 1 Microsoft | 8 Windows 10, Windows 11 21h2, Windows 8.1 and 5 more | 2022-12-15 | 4.0 MEDIUM | 6.5 MEDIUM |
Windows NAT Denial of Service Vulnerability | |||||
CVE-2021-40462 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 11 21h2 and 4 more | 2022-12-15 | 6.8 MEDIUM | 7.8 HIGH |
Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | |||||
CVE-2022-46832 | 1 Sick | 42 Rfu620-10100, Rfu620-10100 Firmware, Rfu620-10101 and 39 more | 2022-12-15 | N/A | 6.5 MEDIUM |
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | |||||